Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25020 risultati

VulnerabilitàAlta
CVE-2026-7547 - Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter

CVE ID :CVE-2026-7547 Published : June 19, 2026, 4:31 a.m. | 7 hours, 11 minutes ago Description :The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the render_logs_ui() function, which accepts a base64-encoded file name from the 'log_file' GET parameter and concatenates it directly with the plugin's log directory path without validating that the resolved path remains within the intended directory. This makes it possible for authenticated attackers, with Administrator-level access, to read the contents of arbitrary files on the server, including wp-config. Severity: 4.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-1856 - Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label

CVE ID :CVE-2026-1856 Published : June 19, 2026, 4:31 a.m. | 5 hours, 11 minutes ago Description :The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-11752 - Armeria-xds: Arbitrary File Read via Unrestricted Filename Resolution

CVE ID :CVE-2026-11752 Published : June 19, 2026, 4:29 a.m. | 5 hours, 13 minutes ago Description :A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local files and environment variables on the xDS client host. Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-10779 - Classified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)

CVE ID :CVE-2026-10779 Published : June 19, 2026, 3:41 a.m. | 6 hours, 1 minute ago Description :The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the gallery_image_update_as_feature AJAX handler (action: rtcl_fb_gallery_image_update_as_feature), which accepts a user-supplied listing ID and attachment ID and sets the featured image of a listing while only validating a nonce that is exposed to any logged-in user on the frontend listing-submission form. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the featured image of arbitrary listings they do not own. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-56132 - Expat Heap-Based Buffer Overflow

CVE ID :CVE-2026-56132 Published : June 19, 2026, 3 a.m. | 6 hours, 42 minutes ago Description :In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-56131 - Expat XML_ResumeParser Use-After-Free Vulnerability

CVE ID :CVE-2026-56131 Published : June 19, 2026, 2:56 a.m. | 6 hours, 46 minutes ago Description :libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). Severity: 4.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-8806 - Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module

CVE ID :CVE-2026-8806 Published : June 19, 2026, 2:31 a.m. | 7 hours, 12 minutes ago Description :Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-11775 - User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery

CVE ID :CVE-2026-11775 Published : June 19, 2026, 2:29 a.m. | 7 hours, 13 minutes ago Description :The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the useradminsimplifier_options_page function. This makes it possible for unauthenticated attackers to reset and permanently delete any user's stored menu and admin-bar configuration via a forged request that triggers uas_save_admin_options() and overwrites the useradminsimplifier_options database entry via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
VulnerabilitàAlta
CVE-2026-8805 - Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module

CVE ID :CVE-2026-8805 Published : June 19, 2026, 2:26 a.m. | 5 hours, 16 minutes ago Description :Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE19 giu 2026
News
The Vulnerabilities That Matter in Oracle’s June 2026 CSPU

The Vulnerabilities That Matter in Oracle’s June 2026 CSPU 1. CVE-2026-35273 — PeopleSoft PeopleTools EMHub (the one that actually got people breached)This is the standout, and it’s worth walking through the full timeline because it’s a textbook case of zero- ... Read more Published Date: Jun 19, 2026 (6 days, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35273 CVE-2026-34481

CVEfeed Newsroom19 giu 2026
VulnerabilitàAlta
CVE-2026-40624 - AVer PTC cameras Files or Directories Accessible to External Parties

CVE ID :CVE-2026-40624 Published : June 18, 2026, 11:54 p.m. | 7 hours, 48 minutes ago Description :Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàAlta
CVE-2026-50034 - Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information

CVE ID :CVE-2026-50034 Published : June 18, 2026, 11:47 p.m. | 7 hours, 55 minutes ago Description :An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026

Pagina 211 di 2085

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.