Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

24830 risultati

VulnerabilitàAlta
CVE-2026-56229 - Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs

CVE ID :CVE-2026-56229 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination. Limited API keys restricted to a single app can retrieve build status and logs from other apps by providing an authorized app_id while using a job_id from an unauthorized app, exposing sensitive build information including logs, metadata, and potentially credentials. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2025-71378 - picklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle Files

CVE ID :CVE-2025-71378 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load(). Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2025-71357 - picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand

CVE ID :CVE-2025-71357 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2025-71351 - picklescan - Remote Code Execution via timeit.timeit() Detection Bypass

CVE ID :CVE-2025-71351 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute when pickle.load() is called. Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2025-71348 - picklescan - Arbitrary Code Execution via torch.utils._config_module.load_config Bypass

CVE ID :CVE-2025-71348 Published : June 21, 2026, 1:26 p.m. | 2 hours, 16 minutes ago Description :picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-12799 - BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

CVE ID :CVE-2026-12799 Published : June 21, 2026, 10 a.m. | 3 hours, 43 minutes ago Description :A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-12798 - BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery

CVE ID :CVE-2026-12798 Published : June 21, 2026, 9:30 a.m. | 4 hours, 13 minutes ago Description :A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-12795 (CVSS 7.3)

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

NVD (NIST)21 giu 2026
VulnerabilitàAlta
CVE-2026-12786 (CVSS 7.8)

A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST)21 giu 2026
VulnerabilitàAlta
CVE-2026-12797 - BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization

CVE ID :CVE-2026-12797 Published : June 21, 2026, 9:15 a.m. | 4 hours, 28 minutes ago Description :A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-12796 - BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

CVE ID :CVE-2026-12796 Published : June 21, 2026, 9 a.m. | 4 hours, 43 minutes ago Description :A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026
VulnerabilitàAlta
CVE-2026-12795 - BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication

CVE ID :CVE-2026-12795 Published : June 21, 2026, 8:30 a.m. | 5 hours, 13 minutes ago Description :A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE21 giu 2026

Pagina 172 di 2070

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.