Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

24816 risultati

VulnerabilitàAlta
CVE-2025-71357 (CVSS 8.1)

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

NVD (NIST)21 giu 2026
VulnerabilitàAlta
CVE-2025-71348 (CVSS 8.1)

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.

NVD (NIST)21 giu 2026
VulnerabilitàAlta
CVE-2026-56397 - SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README

CVE ID :CVE-2026-56397 Published : June 21, 2026, 1:27 p.m. | 10 hours, 16 minutes ago Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands. Severity: 9.6 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56396 - phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()

CVE ID :CVE-2026-56396 Published : June 21, 2026, 1:27 p.m. | 8 hours, 16 minutes ago Description :phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56395 - SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README

CVE ID :CVE-2026-56395 Published : June 21, 2026, 1:27 p.m. | 8 hours, 16 minutes ago Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands. Severity: 9.6 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56394 - Craft CMS - Authenticated Path Traversal in assets/icon Extension Parameter

CVE ID :CVE-2026-56394 Published : June 21, 2026, 1:27 p.m. | 8 hours, 16 minutes ago Description :Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56385 - Craft CMS - Authorization Bypass in assets/preview-file Endpoint

CVE ID :CVE-2026-56385 Published : June 21, 2026, 1:27 p.m. | 8 hours, 16 minutes ago Description :Craft CMS versions >= 5.0.0-RC1, = 4.0.0-RC1, Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56393 - Craft CMS - Multiple Stored Cross-Site Scripting in Settings Names and Field Options

CVE ID :CVE-2026-56393 Published : June 21, 2026, 1:27 p.m. | 8 hours, 16 minutes ago Description :Craft CMS 4.x (>= 4.0.0-RC1, = 5.0.0-RC1, Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56384 - Craft CMS - Missing Authorization in assets/preview-thumb Endpoint

CVE ID :CVE-2026-56384 Published : June 21, 2026, 1:27 p.m. | 8 hours, 16 minutes ago Description :Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that private asset, because no asset-view permission check is performed before preview generation. This affects versions >= 4.0.0-RC1, = 5.0.0-RC1, Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56383 - Craft CMS - Stored XSS in Table Field via Row Heading Column Type

CVE ID :CVE-2026-56383 Published : June 21, 2026, 1:26 p.m. | 8 hours, 16 minutes ago Description :Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account (with allowAdminChanges enabled) to inject arbitrary JavaScript that executes when another user views a page containing the affected table field. Affected versions are >= 4.5.0-beta.1 through 4.16.18 and >= 5.0.0-RC1 through 5.8.22; fixed in 4.16.19 and 5.8.23. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56381 - Craft CMS - Stored XSS via User Group Name in User Permissions Page

CVE ID :CVE-2026-56381 Published : June 21, 2026, 1:26 p.m. | 8 hours, 16 minutes ago Description :Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other users view or edit permissions. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56382 - Craft CMS - Remote Code Execution via Missing Config Sanitization in FieldsController

CVE ID :CVE-2026-56382 Published : June 21, 2026, 1:26 p.m. | 8 hours, 16 minutes ago Description :Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026

Pagina 169 di 2068

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.