Cybersecurity & EU Regulation

News & Security

Updates from ENISA, the NVD and the main European cybersecurity sources. Everything a technical manager needs to know.

24,423 results

Vulnerability: High
CVE-2026-56225 - Capgo - Authorization Bypass in API Key Management via App-Limited Keys

CVE ID: CVE-2026-56225. Published: June 23, 2026, 12:12 p.m. Description: Capgo before 12.128.2 contains an authorization bypass in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a single app via limited_to_apps are checked only against limited_to_orgs, not against limited_to_apps, so an app-scoped key can enumerate, update and delete sibling API keys of the same account that lie outside its declared app scope, including account-level credentials. Severity: 8.7 | HIGH

Source: CVEfeed CVE, 23 Jun 2026
Vulnerability: High
CVE-2026-56222 - Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings

CVE ID: CVE-2026-56222. Published: June 23, 2026, 12:12 p.m. Description: Capgo before 12.128.2 contains an authorization bypass in POST /private/role_bindings, which does not verify that app_id is owned by org_id when creating an app-scoped role binding. An attacker with administrative privileges in one organization can therefore create role bindings that target applications owned by other organizations, gaining unauthorized read and write access to the victim applications. Severity: 8.6 | HIGH
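The two Capgo entries above are both missing-scope checks: one handler consults only the org restriction of an API key and ignores its app restriction, the other trusts the caller's org_id without checking that the app_id it names belongs to that org. The following is an added example, not Capgo's code, that models both checks in a few lines so the vulnerable and corrected forms can be compared side by side. The types App and ApiKey, the functions can_manage_key_vulnerable, can_manage_key and create_role_binding, and the sample data are assumptions made for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    app_id: str
    org_id: str


@dataclass(frozen=True)
class ApiKey:
    key_id: str
    user_id: str
    mode: str                                  # "all" is the mode that may manage keys
    limited_to_orgs: frozenset = frozenset()   # empty = no org restriction
    limited_to_apps: frozenset = frozenset()   # empty = no app restriction


def _scope_allows(caller_scope: frozenset, target_scope: frozenset) -> bool:
    """A caller restricted on one axis may only touch targets restricted at
    least as tightly on that axis; an unrestricted caller may touch anything."""
    if not caller_scope:
        return True
    return bool(target_scope) and target_scope <= caller_scope


def can_manage_key_vulnerable(caller: ApiKey, target: ApiKey) -> bool:
    """Pre-12.128.2 behaviour as the advisory describes it (hypothetical model):
    same account, mode=all, and only limited_to_orgs is consulted."""
    return (caller.user_id == target.user_id
            and caller.mode == "all"
            and _scope_allows(caller.limited_to_orgs, target.limited_to_orgs))


def can_manage_key(caller: ApiKey, target: ApiKey) -> bool:
    """Corrected form: limited_to_apps is enforced on the same terms."""
    return (can_manage_key_vulnerable(caller, target)
            and _scope_allows(caller.limited_to_apps, target.limited_to_apps))


def create_role_binding(actor_admin_orgs: frozenset, org_id: str,
                        app_id: str, apps: dict) -> dict:
    """App-scoped role binding. The second check is the one CVE-2026-56222
    reports as missing: app_id must be owned by the org_id being administered,
    otherwise an admin of org A can bind roles on an app that belongs to org B."""
    if org_id not in actor_admin_orgs:
        raise PermissionError("actor is not an admin of org_id")
    app = apps.get(app_id)
    if app is None or app.org_id != org_id:
        raise PermissionError("app_id is not owned by org_id")
    return {"org_id": org_id, "app_id": app_id}


# Constructed sample data for the illustration
APPS = {
    "app-1": App("app-1", "org-A"),
    "app-2": App("app-2", "org-A"),
    "app-9": App("app-9", "org-B"),
}
ACCOUNT_KEY = ApiKey("k-root", "user-1", "all")
APP1_KEY = ApiKey("k-app1", "user-1", "all", limited_to_apps=frozenset({"app-1"}))
APP2_KEY = ApiKey("k-app2", "user-1", "all", limited_to_apps=frozenset({"app-2"}))

if __name__ == "__main__":
    print(can_manage_key_vulnerable(APP1_KEY, ACCOUNT_KEY))  # True: the bug
    print(can_manage_key(APP1_KEY, ACCOUNT_KEY))             # False: fixed
```

The design choice worth noting is the subset rule in _scope_allows: a key restricted to app-1 may manage keys restricted to app-1, never an unrestricted key and never a key for another app, so "restricted" can only ever narrow, never widen, what the caller reaches.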

Source: CVEfeed CVE, 23 Jun 2026
Vulnerability: High
CVE-2025-71376 - picklescan - Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions

CVE ID: CVE-2025-71376. Published: June 23, 2026, 12:12 p.m. Description: picklescan before 0.0.29 fails to detect malicious pickle files that use idlelib.autocomplete.AutoComplete.fetch_completions in their reduce method. Attackers can embed code that picklescan does not flag and that executes arbitrary commands when the pickle is loaded by a victim. Severity: 8.1 | HIGH

Source: CVEfeed CVE, 23 Jun 2026
Vulnerability: High
CVE-2025-71370 - picklescan - Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper

CVE ID: CVE-2025-71370. Published: June 23, 2026, 12:12 p.m. Description: picklescan before 0.0.28 fails to detect calls to torch.jit.unsupported_tensor_ops.execWrapper embedded in pickle files. Attackers can craft pickle files that bypass picklescan detection and execute arbitrary code when loaded with pickle.load(). Severity: 8.1 | HIGH

Source: CVEfeed CVE, 23 Jun 2026
Vulnerability: High
CVE-2025-71341 - picklescan - Remote Code Execution via Undetected profile.Profile.runctx

CVE ID: CVE-2025-71341. Published: June 23, 2026, 12:12 p.m. Description: picklescan before 0.0.29 does not recognise the profile.Profile.runctx function when analysing pickle files, so attackers can embed it undetected. A remote attacker can craft a pickle file whose reduce method calls profile.Profile.runctx and achieve remote code execution when the file is loaded. Severity: 8.1 | HIGH

Source: CVEfeed CVE, 23 Jun 2026
Vulnerability: High
CVE-2025-71365 - picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass

CVE ID: CVE-2025-71365. Published: June 23, 2026, 12:12 p.m. Description: picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval through the reduce method. Attackers can craft pickle files embedding arbitrary code that evades picklescan detection and executes when the file is loaded. Severity: 8.1 | HIGH
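The four picklescan entries above (CVE-2025-71376, CVE-2025-71370, CVE-2025-71341, CVE-2025-71365) are the same pattern four times: a pickle's reduce step references an importable callable that a denylist-based scanner has not yet catalogued, and pickle.load() calls it. The following is an added example, written for this page and not picklescan's code or any advisory's proof of concept. It uses the harmless builtins.len as a stand-in for the gadget functions, walks the opcode stream to list which globals a pickle would import, shows a small denylist missing the stand-in, and contrasts that with an Unpickler subclass that allowlists what may be imported. The names Payload, referenced_globals, denylist_says_safe, RestrictedUnpickler and safe_loads, and the sample pickles, are assumptions of this example.

```python
import io
import pickle
import pickletools


# Constructed sample: __reduce__ makes pickle.loads() call an imported callable.
# builtins.len is a harmless stand-in for gadgets such as profile.Profile.runctx
# or numpy.f2py.crackfortran.myeval; the opcode stream (GLOBAL/STACK_GLOBAL then
# REDUCE) is the same, only the imported name differs.
class Payload:
    def __reduce__(self):
        return (len, ("abc",))


PAYLOAD = pickle.dumps(Payload(), protocol=4)                    # STACK_GLOBAL form
LEGACY = pickle.dumps(Payload(), protocol=2, fix_imports=False)  # GLOBAL form
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4)

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list:
    """Every (module, name) the pickle would import on load.

    Simplified opcode walk: only the string pushes that feed GLOBAL/STACK_GLOBAL
    are tracked, not the full pickle VM that a production scanner must emulate.
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":               # protocol <= 3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: pops name, then module
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
    return found


# Denylist approach: safe only until someone finds a callable not on the list,
# which is exactly what each of the four advisories above reports.
DENYLIST = {("os", "system"), ("subprocess", "Popen"),
            ("builtins", "eval"), ("builtins", "exec")}


def denylist_says_safe(data: bytes) -> bool:
    return not any(ref in DENYLIST for ref in referenced_globals(data))


def unrestricted_loads(data: bytes):
    """The baseline: plain pickle.loads runs whatever the stream references."""
    return pickle.loads(data)


# Allowlist approach: the loader decides what may be imported, so an
# uncatalogued gadget is rejected by default rather than missed.
class RestrictedUnpickler(pickle.Unpickler):
    ALLOWED = {("collections", "OrderedDict"),
               ("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_is_refused(data: bytes) -> bool:
    try:
        safe_loads(data)
        return False
    except pickle.UnpicklingError:
        return True


if __name__ == "__main__":
    print(referenced_globals(PAYLOAD))   # [('builtins', 'len')]
    print(denylist_says_safe(PAYLOAD))   # True: the scanner misses it
    print(unrestricted_loads(PAYLOAD))   # 3: the callable ran during load
    print(loads_is_refused(PAYLOAD))     # True: the allowlist rejects it
```

The practical takeaway is the last pair of lines: a scanner is a useful pre-filter for untrusted model files, but the load-time allowlist is what closes the class of bug, because the next uncatalogued stdlib or framework function is rejected without anyone having to discover it first.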

Source: CVEfeed CVE, 23 Jun 2026
News
Vulnerability in DRIMO CMS software

CVE ID: CVE-2026-11772. Publication date: 23 June 2026. Vendor: DRIMO. Product: DRIMO CMS. Vulnerable versions: all through 1.0. Vulnerability type (CWE): Improper Neutralizat ... Published: Jun 23, 2026. CVE mentioned in this article: CVE-2026-11772

Source: CVEfeed Newsroom, 23 Jun 2026
News
Critical security flaw in FFmpeg enables remote code execution

A critical vulnerability in the very widely used multimedia framework FFmpeg enables remote code execution when a specially crafted media file is processed. In the case of b ... Published: Jun 23, 2026. CVE mentioned in this article: CVE-2026-8461

Source: CVEfeed Newsroom, 23 Jun 2026
News
Vulnerability in Totolink EX1200L router software

CVE ID: CVE-2026-44089. Publication date: 23 June 2026. Vendor: Totolink. Product: EX1200L. Vulnerable versions: 9.3.5u.6146_B20201023. Vulnerability type (CWE): ... Published: Jun 23, 2026. CVE mentioned in this article: CVE-2026-44089

Source: CVEfeed Newsroom, 23 Jun 2026
Vulnerability: Critical
CVE-2026-11374 - Account Takeover via Predictable SSO Ticket Generation

CVE ID: CVE-2026-11374. Published: June 23, 2026, 8:19 a.m. Description: In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus and ADAudit Plus, the SSO tickets generated to authenticate a session could be predicted by an unauthenticated user, leading to account takeover. Severity: 9.0 | CRITICAL

Source: CVEfeed CVE, 23 Jun 2026
Vulnerability: High
CVE-2026-10521 - Authenticated unintended access to critical program parameters

CVE ID: CVE-2026-10521. Published: June 23, 2026, 7:34 a.m. Description: A high-privileged remote attacker can access a hidden configuration method, which should not be accessible to any user, and modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability. Severity: 8.6 | HIGH

Source: CVEfeed CVE, 23 Jun 2026
Vulnerability: High
CVE-2026-9733 - Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter

CVE ID: CVE-2026-9733. Published: June 23, 2026, 7:05 a.m. Description: Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to a SHA-1 hash of predictable, low-entropy inputs: the epoch time (which the HTTP Date header leaks) and a call to Perl's built-in rand function. Because the state is predictable, an attacker can hijack another user's session through cross-site request forgery (CSRF). Severity: 0.0 | NA (no CVSS score published at the time of listing)
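The OAuth2 state entry just above and the ManageEngine SSO ticket entry earlier on this page fail the same way: a value that is supposed to be unguessable is derived from inputs an attacker can know or enumerate, and hashing them does not add entropy they lack. The following is an added example, not the Perl module's code nor ManageEngine's, that shows the corrected construction for both: a server-side store of single-use, short-lived tokens drawn from the OS CSPRNG and bound to the session or user they were issued for, with an OAuth callback that rejects a missing, replayed, expired or foreign state. The weak_state function re-creates the construction the advisory describes purely for contrast. The class OneTimeTokenStore and the functions begin_oauth, oauth_callback, issue_sso_ticket and redeem_sso_ticket are assumptions of this example.

```python
import hashlib
import secrets
import time


class OneTimeTokenStore:
    """Server-side store for unpredictable, short-lived, single-use tokens.

    Serves both cases from the entries above: the OAuth2 state parameter
    (CVE-2026-9733) and SSO tickets (CVE-2026-11374). A token is 256 bits from
    the OS CSPRNG, bound to the subject it was issued for, and consumed once.
    """

    def __init__(self, ttl_seconds: int = 300, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock      # injectable so expiry can be exercised offline
        self._live = {}          # sha256(token) -> (kind, subject, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        # Only a hash is stored: a leak of the store does not yield usable
        # tokens, and the dict lookup never compares the secret itself.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, kind: str, subject: str) -> str:
        token = secrets.token_urlsafe(32)
        self._live[self._digest(token)] = (kind, subject, self._clock() + self._ttl)
        return token

    def redeem(self, kind: str, token: str):
        """Return the bound subject exactly once per token, else None."""
        entry = self._live.pop(self._digest(token), None)   # single use
        if entry is None:
            return None
        t_kind, subject, expires_at = entry
        if t_kind != kind or self._clock() > expires_at:
            return None
        return subject


def weak_state(epoch_seconds: int, rand_output: float) -> str:
    """The construction CVE-2026-9733 describes, re-created for contrast only:
    SHA-1 over the epoch (leaked by the Date header) and a non-cryptographic
    rand(). Anyone who can reproduce the inputs reproduces the state."""
    return hashlib.sha1(f"{epoch_seconds}{rand_output}".encode()).hexdigest()


def begin_oauth(store: OneTimeTokenStore, session_id: str) -> str:
    """State to carry in the authorization request, bound to this session."""
    return store.issue("oauth_state", session_id)


def oauth_callback(store: OneTimeTokenStore, session_id: str, params: dict) -> str:
    """Validate the returned state before exchanging the code (CSRF defence)."""
    state = params.get("state", "")
    if not state or store.redeem("oauth_state", state) != session_id:
        raise PermissionError("state missing, expired, replayed or bound to another session")
    return params["code"]


def issue_sso_ticket(store: OneTimeTokenStore, user_id: str) -> str:
    return store.issue("sso_ticket", user_id)


def redeem_sso_ticket(store: OneTimeTokenStore, ticket: str):
    """The user the ticket authenticates, or None if it is unknown, used or stale."""
    return store.redeem("sso_ticket", ticket)


if __name__ == "__main__":
    store = OneTimeTokenStore(ttl_seconds=300)
    state = begin_oauth(store, "sess-A")
    print(oauth_callback(store, "sess-A", {"state": state, "code": "c1"}))  # c1
    print(weak_state(1700000000, 0.5) == weak_state(1700000000, 0.5))       # True
```

Two choices matter here. The token is popped from the store before any check, so a failed redemption also burns it and a guessed-then-retried value cannot succeed later. And the kind is part of the record, so an SSO ticket can never be presented where an OAuth state is expected even though both come from the same store.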

Source: CVEfeed CVE, 23 Jun 2026

Page 118 of 2036
