Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

24780 risultati

VulnerabilitàAlta
CVE-2025-66336 - Apache Doris MCP Server: SQL injection leading the authentication bypass

CVE ID :CVE-2025-66336 Published : June 22, 2026, 6:55 a.m. | 6 hours, 48 minutes ago Description :Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-8157 - Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

CVE ID :CVE-2026-8157 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-6858 - Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

CVE ID :CVE-2026-6858 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-7859 - Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

CVE ID :CVE-2026-7859 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-10530 - Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token

CVE ID :CVE-2026-10530 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-4259 - Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions

CVE ID :CVE-2026-4259 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-4110 - Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list

CVE ID :CVE-2026-4110 Published : June 22, 2026, 6 a.m. | 7 hours, 43 minutes ago Description :The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-6645 - Insecure Search Path Vulnerability in PaperCut Print Deploy Client for Windows

CVE ID :CVE-2026-6645 Published : June 22, 2026, 3:24 a.m. | 10 hours, 19 minutes ago Description :An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference. Because the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host. Severity: 7.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-11748 - CentralDogma-Server-Auth-Shiro LDAP Injection

CVE ID :CVE-2026-11748 Published : June 22, 2026, 2:37 a.m. | 11 hours, 6 minutes ago Description :A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-11746 - CentralDogma Replication Secret Weakness

CVE ID :CVE-2026-11746 Published : June 22, 2026, 2:35 a.m. | 11 hours, 8 minutes ago Description :A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster. Severity: 9.4 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-11745 - CentralDogma Git Mirror SSH Host Key Verification Bypass

CVE ID :CVE-2026-11745 Published : June 22, 2026, 2:33 a.m. | 11 hours, 10 minutes ago Description :A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026
VulnerabilitàAlta
CVE-2026-8918 - ASUS Armoury Crate Local Privilege Escalation via Arbitrary Memory Corruption

CVE ID :CVE-2026-8918 Published : June 22, 2026, 2 a.m. | 9 hours, 43 minutes ago Description :A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory for more information. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE22 giu 2026

Pagina 162 di 2065

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.