Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the leading European cybersecurity sources. Everything a Technical Manager needs to know.

Vulnerability | High
CVE-2026-50242 - JetBrains Hub Authentication Bypass

CVE ID: CVE-2026-50242
Published: June 19, 2026, 11:49 a.m.
Description: In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible.
Severity: 10.0 | CRITICAL

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-56141 - JetBrains Hub Account Takeover

CVE ID: CVE-2026-56141
Published: June 19, 2026, 11:49 a.m.
Description: In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible.
Severity: 9.8 | CRITICAL

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-56142 - JetBrains Hub Authentication Privilege Escalation

CVE ID: CVE-2026-56142
Published: June 19, 2026, 11:49 a.m.
Description: In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible.
Severity: 9.6 | CRITICAL

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-53915 - JetBrains GoLand: Remote Code Execution via Untrusted Project Configuration

CVE ID: CVE-2026-53915
Published: June 19, 2026, 11:49 a.m.
Description: In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration.
Severity: 7.1 | HIGH

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-12706 - Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder decode_move()

CVE ID: CVE-2026-12706
Published: June 19, 2026, 10:55 a.m.
Description: A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream. When a user opens or plays the file, the decoder reads from freed heap memory, which could lead to a denial of service (crash).
Severity: 6.5 | MEDIUM

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-11941 - Use-after-free in connection ID iterator and FFI functions

CVE ID: CVE-2026-11941
Published: June 19, 2026, 9:55 a.m.
Description: Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned “ConnectionId” would be dropped at the end of those functions' scope. Only applications using those FFI functions are affected. The FFI API is disabled by default by a build-time feature flag.
Impact: If unpatched, an application calling the affected FFI functions will dereference freed memory. The most likely outcome is undefined behavior leading to a process crash (denial of service). Depending on allocator state, the read may also return adjacent heap contents, resulting in limited information disclosure or incorrect connection identifier handling.
Mitigation: Users are requested to upgrade to quiche 0.29.2 which is the earliest version containing the fix for this issue.
Severity: 5.6 | MEDIUM

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-41156 - GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference

CVE ID: CVE-2026-41156
Published: June 19, 2026, 9:28 a.m.
Description: Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.
Severity: 0.0 | NA

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-34192 - GPU DDK - _MMU_AllocLevel error recovery paths leave dangling page table entries

CVE ID: CVE-2026-34192
Published: June 19, 2026, 9:23 a.m.
Description: Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not clean up properly before freeing the physical allocation.
Severity: 0.0 | NA

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-8296 - Octopus Server Artifact Cross-Site Scripting

CVE ID: CVE-2026-8296
Published: June 19, 2026, 9:23 a.m.
Description: In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.
Severity: 5.6 | MEDIUM

CVEfeed CVE, 19 Jun 2026

Vulnerability | High
CVE-2026-11576 - eclipse-threadx NetX Duo HTTP Server fx_file_close Uninitialized Handle Vulnerability

CVE ID: CVE-2026-11576
Published: June 19, 2026, 8:27 a.m.
Description: The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx_file_close() even when the file was never successfully opened. Multiple error branches jump to the shared cleanup label before any file open operation has occurred, causing fx_file_close() to operate on an uninitialized file handle, leading to undefined behavior, double-close issues, or memory corruption.
Severity: 7.5 | HIGH

CVEfeed CVE, 19 Jun 2026

News
Splunk warns of active exploitation of critical vulnerability in Splunk Enterprise

Software company Splunk is warning of active exploitation of a critical vulnerability in Splunk Enterprise that allows an unauthenticated attacker to execute code on the platform. Splunk came out on ...
Published Date: Jun 19, 2026
Vulnerabilities mentioned in this article: CVE-2026-20253

CVEfeed Newsroom, 19 Jun 2026

Vulnerability | High
CVE-2026-56138 - Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

CVE ID: CVE-2026-56138
Published: June 19, 2026, 8:03 a.m.
Description: AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed as valid AIL objects. An authenticated AIL user could craft malicious item identifiers containing path traversal sequences to cause the application to read gzip-compressed files accessible to the AIL process. This could result in unauthorized disclosure of local file contents, limited to files readable by the application and compatible with the expected gzip-compressed item format. The issue was fixed by validating that both requested items exist before their contents are accessed.
Severity: 5.3 | MEDIUM

CVEfeed CVE, 19 Jun 2026
