Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.


Vulnerability | High
CVE-2026-9733 - Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter

CVE ID: CVE-2026-9733
Published: June 23, 2026, 7:05 a.m. (4 hours, 38 minutes ago)
Description: Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function. A predictable state allows an attacker to hijack another user's session through cross-site request forgery (CSRF).
Severity: 0.0 | NA

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-8172 - Simple Basic Contact Form <= 20250114 - Reflected XSS

CVE ID: CVE-2026-8172
Published: June 23, 2026, 6 a.m. (5 hours, 44 minutes ago)
Description: The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.
Severity: 0.0 | NA

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-8379 - Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download

CVE ID: CVE-2026-8379
Published: June 23, 2026, 6 a.m. (5 hours, 44 minutes ago)
Description: The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user by iterating identifiers.
Severity: 0.0 | NA

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-7842 - Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter

CVE ID: CVE-2026-7842
Published: June 23, 2026, 6 a.m. (5 hours, 44 minutes ago)
Description: The Infility Global WordPress plugin before 2.15.20 does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database. The ImportData module must be enabled via the plugin's module toggle page.
Severity: 0.0 | NA

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-8163 - Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter

CVE ID: CVE-2026-8163
Published: June 23, 2026, 6 a.m. (5 hours, 44 minutes ago)
Description: The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.
Severity: 0.0 | NA

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-8378 - Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename

CVE ID: CVE-2026-8378
Published: June 23, 2026, 6 a.m. (5 hours, 44 minutes ago)
Description: The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise or escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface.
Severity: 0.0 | NA

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-12866 - expr-eval Code Execution via toJSFunction

CVE ID: CVE-2026-12866
Published: June 23, 2026, 5 a.m. (6 hours, 44 minutes ago)
Description: All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context.
Severity: 9.8 | CRITICAL

CVEfeed CVE, 23 Jun 2026

News
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced last mont ...
Published Date: Jun 23, 2026 (3 days, 19 hours ago)

CVEfeed Newsroom, 23 Jun 2026

Vulnerability | High
CVE-2026-55654 - OpenSSH: Heap out-of-bounds read in Red Hat Enterprise Linux versions of OpenSSH GSSAPI indicator cleanup due to missing NULL sentinel termination

CVE ID: CVE-2026-55654
Published: June 23, 2026, 3:37 a.m. (8 hours, 7 minutes ago)
Description: A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.
Severity: 3.7 | LOW

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-55655 - OpenSSH: Local MITM of X11 forwarding via abstract UNIX socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

CVE ID: CVE-2026-55655
Published: June 23, 2026, 3:36 a.m. (8 hours, 7 minutes ago)
Description: A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.
Severity: 5.0 | MEDIUM

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-55653 - OpenSSH: Double free in Red Hat Enterprise Linux versions of OpenSSH DH-GEX client path during FIPS known-group validation leads to client-side denial of service

CVE ID: CVE-2026-55653
Published: June 23, 2026, 3:36 a.m. (8 hours, 7 minutes ago)
Description: A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
Severity: 4.3 | MEDIUM

CVEfeed CVE, 23 Jun 2026

Vulnerability | High
CVE-2026-11833 - FAST/TOOLS CI Server Information Disclosure

CVE ID: CVE-2026-11833
Published: June 23, 2026, 12:53 a.m. (10 hours, 50 minutes ago)
Description: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks.
Affected products and versions:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB): R9.01 to R10.04
CI Server (All packages): R1.01 to R1.04
Severity: 8.2 | HIGH

CVEfeed CVE, 23 Jun 2026
