Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

24751 risultati

VulnerabilitàAlta
CVE-2025-4994 - Authentication Bypass for SafeLine SL6 and SL6+

CVE ID :CVE-2025-4994 Published : June 22, 2026, 8:10 a.m. | 5 hours, 33 minutes ago Description :The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2025-62198 - Apache Atlas: Stored XSS in Create Entity page

CVE ID :CVE-2025-62198 Published : June 22, 2026, 7:47 a.m. | 5 hours, 56 minutes ago Description :An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-44914 - Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

CVE ID :CVE-2026-44914 Published : June 22, 2026, 7:38 a.m. | 6 hours, 5 minutes ago Description :Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not check restricted status when handling requests to replace Process Groups. The missing authorization permits a user with general write access to add components with Restricted status. Apache NiFi installations that do not implement specific authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.9.0 is the recommended mitigation, which removes the implementation of Restricted status authorization from the framework. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-44911 - Apache NiFi: Incorrect Authorization for Configuration Verification Requests

CVE ID :CVE-2026-44911 Published : June 22, 2026, 7:37 a.m. | 6 hours, 6 minutes ago Description :Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined verification methods with alternative settings. Apache NiFi installations that do not implement different levels of authorization for viewing and modifying component configuration are not subject to this vulnerability. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, requiring write access to submit configuration verification requests. Severity: 2.3 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-44913 - Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL

CVE ID :CVE-2026-44913 Published : June 22, 2026, 7:36 a.m. | 6 hours, 7 minutes ago Description :Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not cover additional strategies. Apache NiFi installations that do not use the CaptureChangeMySQL Processor are not subject to this vulnerability. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, which incorporates more robust identifier escaping. Severity: 5.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-54665 - Apache NiFi: Missing Validation for Proxy Host Headers

CVE ID :CVE-2026-54665 Published : June 22, 2026, 7:34 a.m. | 6 hours, 9 minutes ago Description :Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in the HTTP Host header, but did not apply the validation to alternative Proxy and Forwarded headers. The absence of proxy host header validation allowed a client to instruct Apache NiFi web services to construct invalid qualified URLs for redirection or data references. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, which implements validation for the X-ProxyHost and X-Forwarded-Host HTTP request headers based on the nifi.web.proxy.host property. Enabling header validation requires configuring the application with HTTPS. Reverse proxy servers in front of Apache NiFi are responsible for filtering input request headers and providing allowed values to the application. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
News
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and ... Read more Published Date: Jun 22, 2026 (4 days, 2 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2025-11837 CVE-2013-3307 CVE-2016-5681

CVEfeed Newsroom22 giu 2026
VulnerabilitàAlta
CVE-2025-66336 - Apache Doris MCP Server: SQL injection leading the authentication bypass

CVE ID :CVE-2025-66336 Published : June 22, 2026, 6:55 a.m. | 6 hours, 48 minutes ago Description :Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-8157 - Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

CVE ID :CVE-2026-8157 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-6858 - Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

CVE ID :CVE-2026-6858 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-7859 - Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

CVE ID :CVE-2026-7859 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-10530 - Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token

CVE ID :CVE-2026-10530 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026

Pagina 159 di 2063

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.