Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25044 risultati

VulnerabilitàAlta
CVE-2026-10746

CVE ID :CVE-2026-10746 Published : June 18, 2026, 10:19 p.m. | 7 hours, 23 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàCritica
CVE-2026-54130 (CVSS 9.8)

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

NVD (NIST)18 giu 2026
VulnerabilitàCritica
CVE-2026-47647 (CVSS 9.9)

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.

NVD (NIST)18 giu 2026
VulnerabilitàAlta
CVE-2026-47633 (CVSS 7.5)

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.

NVD (NIST)18 giu 2026
VulnerabilitàAlta
CVE-2026-32174 (CVSS 7.7)

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.

NVD (NIST)18 giu 2026
VulnerabilitàAlta
CVE-2026-56078 - PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor

CVE ID :CVE-2026-56078 Published : June 18, 2026, 10:12 p.m. | 7 hours, 30 minutes ago Description :PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of service, or code execution. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàAlta
CVE-2026-56077 - PraisonAI - Information Disclosure via Shared MultiAgentLedger State

CVE ID :CVE-2026-56077 Published : June 18, 2026, 10:12 p.m. | 7 hours, 30 minutes ago Description :PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàAlta
CVE-2026-56076 - PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

CVE ID :CVE-2026-56076 Published : June 18, 2026, 10:12 p.m. | 7 hours, 30 minutes ago Description :PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàAlta
CVE-2026-56075 - PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

CVE ID :CVE-2026-56075 Published : June 18, 2026, 10:12 p.m. | 7 hours, 30 minutes ago Description :PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary shell commands via subprocess.run with shell=True, bypassing the manual approval gate and insufficient command sanitization blocklists. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàAlta
CVE-2026-56074 - PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching

CVE ID :CVE-2026-56074 Published : June 18, 2026, 10:12 p.m. | 7 hours, 30 minutes ago Description :PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell commands without user consent. Severity: 6.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàAlta
CVE-2026-47647 - Dynamics 365 Elevation of Privilege Vulnerability

CVE ID :CVE-2026-47647 Published : June 18, 2026, 9:42 p.m. | 8 hours ago Description :None Severity: 9.9 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026
VulnerabilitàAlta
CVE-2026-54130 - M365 Copilot Information Disclosure Vulnerability

CVE ID :CVE-2026-54130 Published : June 18, 2026, 9:42 p.m. | 8 hours ago Description :None Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE18 giu 2026

Pagina 215 di 2087

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.