News & Security
Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.
Critical vulnerability in FFmpeg enables remote code execution. A critical vulnerability in the very widely used 'multimedia framework' FFmpeg enables remote code execution when a specially crafted media file is processed. In the case of b ... Published Date: Jun 23, 2026 (5 days, 19 hours ago) Vulnerabilities mentioned in this article: CVE-2026-8461
Vulnerability in Totolink EX1200L router software. CVE ID: CVE-2026-44089 Publication date: 23 June 2026 Vendor: Totolink Product: EX1200L Vulnerable versions: 9.3.5u.6146_B20201023 Vulnerability type (CWE): ... Published Date: Jun 23, 2026 (4 days, 20 hours ago) Vulnerabilities mentioned in this article: CVE-2026-44089
CVE ID: CVE-2026-11374 Published: June 23, 2026, 8:19 a.m. | 3 hours, 24 minutes ago Description: In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover. Severity: 9.0 | CRITICAL
CVE ID: CVE-2026-10521 Published: June 23, 2026, 7:34 a.m. | 4 hours, 10 minutes ago Description: A high-privileged remote attacker can access a hidden configuration method, which should not be accessible to any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability. Severity: 8.6 | HIGH
CVE ID: CVE-2026-9733 Published: June 23, 2026, 7:05 a.m. | 4 hours, 38 minutes ago Description: Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function. A predictable state allows an attacker to hijack another user's session through cross-site request forgery (CSRF). Severity: 0.0 | NA
CVE ID: CVE-2026-7842 Published: June 23, 2026, 6 a.m. | 5 hours, 44 minutes ago Description: The Infility Global WordPress plugin before 2.15.20 does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database. The ImportData module must be enabled via the plugin's module toggle page. Severity: 0.0 | NA
CVE ID: CVE-2026-8163 Published: June 23, 2026, 6 a.m. | 5 hours, 44 minutes ago Description: The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above. Severity: 0.0 | NA
CVE ID: CVE-2026-8172 Published: June 23, 2026, 6 a.m. | 5 hours, 44 minutes ago Description: The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission. Severity: 0.0 | NA
CVE ID: CVE-2026-8378 Published: June 23, 2026, 6 a.m. | 5 hours, 44 minutes ago Description: The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface. Severity: 0.0 | NA
CVE ID: CVE-2026-8379 Published: June 23, 2026, 6 a.m. | 5 hours, 44 minutes ago Description: The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the plugin by iterating identifiers. Severity: 0.0 | NA
CVE ID: CVE-2026-12866 Published: June 23, 2026, 5 a.m. | 6 hours, 44 minutes ago Description: All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context. Severity: 9.8 | CRITICAL
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws. OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced last mont ... Published Date: Jun 23, 2026 (3 days, 19 hours ago)