161 matches found
CVE-2026-9185
The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...
WordPress plugin 6Storage Rentals 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-50213
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...
EUVD-2026-34225
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...
CVE-2026-50213 Bulk User Private Data Harvesting
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the account verification endpoint/v1/User/validate, which returns a full set of user profile data tables. It is possible to...
CVE-2026-38587
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
CVE-2026-38587
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
CVE-2026-38587
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
EUVD-2026-31838
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
PT-2026-45157
Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The TwigProfilerDumperHtmlDumper component fails to escape the output of Profile::getTemplate and Profile::getName when writing to HTML. If an attacker can control the template name—which may...
Insufficient Granularity of Access Control
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the user handler in the resource account service. An attacker...
GHSA-8QJV-JJ2Q-X832 Auth.js SDK has Improper Permission Checking
Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...
PT-2026-38263
Name of the Vulnerable Software and Affected Versions auth0-js versions 8.11.0 through 9.32.0 Description Improper validation in the Auth0.js SDK may allow the return of user profile data when a specifically crafted invalid ID token is used in conjunction with a valid access token. This issue...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Protection was added to the device queue against concurrent access. In the dasdprofilestart function, the number of requests on the device queue is counted. However, access to the device queue is not protected against...
WordPress plugin UsersWP 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
BIT-DISCOURSE-2026-32099 Discourse prevents hidden profile data leak via user onebox
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's profile U...
CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...
EUVD-2026-13332
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...
CVE-2026-26066
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch...