Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

24816 risultati

VulnerabilitàAlta
CVE-2026-56378 - ImageMagick - Heap Out-of-Bounds Read in PCD Decoder

CVE ID :CVE-2026-56378 Published : June 21, 2026, 1:26 p.m. | 6 hours, 16 minutes ago Description :ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56367 - ImageMagick - Heap Out-of-Bounds Read in PSB RLE Decoding

CVE ID :CVE-2026-56367 Published : June 21, 2026, 1:26 p.m. | 6 hours, 16 minutes ago Description :ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56316 - Cap-go - Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*

CVE ID :CVE-2026-56316 Published : June 21, 2026, 1:26 p.m. | 6 hours, 16 minutes ago Description :Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to distinguish valid job IDs from invalid ones and generate sustained unauthenticated traffic for resource consumption. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56299 - Capgo - Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint

CVE ID :CVE-2026-56299 Published : June 21, 2026, 1:26 p.m. | 6 hours, 16 minutes ago Description :Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid credentials, enabling trivial request flooding and denial of service. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56265 - Crawl4AI - Authentication Bypass via Hardcoded JWT Signing Key

CVE ID :CVE-2026-56265 Published : June 21, 2026, 1:26 p.m. | 4 hours, 16 minutes ago Description :Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56253 - Capgo - Unauthenticated Organization Member Email Disclosure via get_org_members RPC

CVE ID :CVE-2026-56253 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sb_publishable_* key and an organization UUID to retrieve sensitive member information including email addresses, user IDs, roles, and pending invitations. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56251 - Capgo - Privilege Escalation via Broken Row Level Security in org_users

CVE ID :CVE-2026-56251 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56239 - Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage

CVE ID :CVE-2026-56239 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks (no validation of auth.uid(), org membership, or check_min_rights). Because the function runs with the owner's privileges, it bypasses Row Level Security. If EXECUTE permission is available to the authenticated or anon roles (explicitly or via default privileges), an authenticated user could invoke it via Supabase RPC to manipulate billing data for arbitrary organizations, including unauthorized credit depletion and fraudulent overage event insertion. Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56242 - Capgo - Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_identity_apikey_only RPC

CVE ID :CVE-2026-56242 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that returns the owning user_id for supplied API keys, creating an API key validity oracle and user identity disclosure primitive. Attackers can call this endpoint with valid or invalid API keys to confirm key validity and map keys to user identifiers, then chain results into other exposed RPCs like get_orgs_v6 to retrieve organization membership and management email PII. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56236 - Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations

CVE ID :CVE-2026-56236 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI. Severity: 6.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-56229 - Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs

CVE ID :CVE-2026-56229 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination. Limited API keys restricted to a single app can retrieve build status and logs from other apps by providing an authorized app_id while using a job_id from an unauthorized app, exposing sensitive build information including logs, metadata, and potentially credentials. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2025-71378 - picklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle Files

CVE ID :CVE-2025-71378 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load(). Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026

Pagina 170 di 2068

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.