News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
24995 risultati
CVE ID :CVE-2017-20280 Published : June 19, 2026, 4:51 p.m. | 51 minutes ago Description :Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid endpoint to extract sensitive database information. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2017-20279 Published : June 19, 2026, 4:48 p.m. | 55 minutes ago Description :Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2017-20278 Published : June 19, 2026, 4:44 p.m. | 58 minutes ago Description :Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the category path segment to extract sensitive database information. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2017-20277 Published : June 19, 2026, 4:41 p.m. | 1 hour, 1 minute ago Description :Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2017-20276 Published : June 19, 2026, 4:38 p.m. | 1 hour, 5 minutes ago Description :Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy, view=latest parameters and inject malicious SQL in the type parameter to extract sensitive database information. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2017-20275 Published : June 19, 2026, 4:34 p.m. | 1 hour, 8 minutes ago Description :Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2017-20274 Published : June 19, 2026, 4:31 p.m. | 1 hour, 11 minutes ago Description :Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56210 Published : June 19, 2026, 4:28 p.m. | 1 hour, 14 minutes ago Description :A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory). Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56211 Published : June 19, 2026, 4:28 p.m. | 1 hour, 14 minutes ago Description :A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures. In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding enabled and accept attacker-supplied video frames. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56209 Published : June 19, 2026, 4:28 p.m. | 1 hour, 14 minutes ago Description :An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56208 Published : June 19, 2026, 4:28 p.m. | 1 hour, 14 minutes ago Description :A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2017-20273 Published : June 19, 2026, 4:28 p.m. | 1 hour, 15 minutes ago Description :Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_registrationpro&view=category&id parameter containing SQL injection payloads to extract sensitive database information. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 199 di 2083