2969 matches found
CVE-2025-6254
creationtimestamp| type| source ---|---|--- 2026-06-10 11:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwkntijit26 2026-06-10 11:11:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwlbd3rzn2c 2026-06-10 12:00:15+00:00| seen|...
CVE-2026-9185
The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...
CVE-2026-46518
creationtimestamp| type| source ---|---|--- 2026-06-10 01:00:03+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnvj3po4ik2r 2026-06-10 02:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvmi3n2fb2n...
CVE-2026-48303
creationtimestamp| type| source ---|---|--- 2026-06-09 22:01:06+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnv73qzggu2v 2026-06-09 22:12:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnv7picz7l2o 2026-06-10 04:30:30+00:00| seen|...
CVE-2026-49956
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...
CVE-2026-45447
creationtimestamp| type| source ---|---|--- 2026-06-09 13:57:29+00:00| seen| https://bsky.app/profile/xeiaso.net/post/3mnue2z4hbv2v 2026-06-09 14:00:28+00:00| seen| https://bsky.app/profile/cadey.pony.social.ap.brid.gy/post/3mnue3epkwyc2 2026-06-09 14:48:37+00:00| seen|...
CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter
The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...
WordPress plugin 6Storage Rentals 安全漏洞
WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in WordPress Plugin...
PT-2026-47854
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...
CVE-2026-46656
creationtimestamp| type| source ---|---|--- 2026-06-08 17:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mns5t6aszh2s 2026-06-08 17:02:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mns5w7ytr72f...
CVE-2026-50131
creationtimestamp| type| source ---|---|--- 2026-06-08 14:57:55+00:00| seen| https://bsky.app/profile/fedify.hollo.social.ap.brid.gy/post/3mnrwxyyvdir2 2026-06-08 15:09:05+00:00| seen| https://bsky.app/profile/hollo.hollo.social.ap.brid.gy/post/3mnrxlz2slhe2 2026-06-09 02:30:30+00:00| seen|...
6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter
Description The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserIn...
CVE-2026-11453
creationtimestamp| type| source ---|---|--- 2026-06-07 04:30:26+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mnodh6oluy2a 2026-06-07 04:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116706942877312373...
CVE-2026-48907
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...
CVE-2026-9290
creationtimestamp| type| source ---|---|--- 2026-06-06 01:00:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlha7sokz2g 2026-06-06 01:23:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnlikqk23d2r 2026-06-06 06:00:11+00:00| seen|...
CVE-2026-11416
creationtimestamp| type| source ---|---|--- 2026-06-05 22:59:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlajcy3g72l 2026-06-05 22:59:58+00:00| seen| https://bsky.app/profile/potato.software/post/3mnlajecvof2j 2026-06-05 23:30:45+00:00| seen|...
CVE-2026-36748
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...
CVE-2026-25624
CVE-2026-25624 is an administrative cross-site scripting vulnerability in the web UI dashboard layout of Arista Edge Threat Management NGFW. The issue involves unvalidated user-supplied variables echoed back to administrative profiles, enabling XSS when an attacker has administrative UI access. A...
EUVD-2026-34911
An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...
CVE-2026-25624 Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting
An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...