Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.

Vulnerability | High
CVE-2026-42490 - domctl lock open to abuse

CVE ID: CVE-2026-42490
Published: June 18, 2026, 1:47 p.m.
Description: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these operations may not be executed in parallel, so a system-wide lock is used. The way that lock is acquired is, however, not providing any fairness. This is CVE-2026-42489. Furthermore, with XSM/Flask in use, the lock acquire will, for some operations, occur ahead of any permission checking. This is CVE-2026-42490.
Severity: 0.0 | NA

CVEfeed CVE | 18 Jun 2026

Vulnerability | High
CVE-2026-42487 - x86 HVM I/O port list traversal

CVE ID: CVE-2026-42487
Published: June 18, 2026, 1:46 p.m.
Description: HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may change at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far.
Severity: 0.0 | NA

CVEfeed CVE | 18 Jun 2026

News
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside M ...
Published Date: Jun 18, 2026
Vulnerabilities mentioned in this article: CVE-2026-11645, CVE-2025-61155, CVE-2025-1055, CVE-2023-52271

CVEfeed Newsroom | 18 Jun 2026

Vulnerability | High
CVE-2026-54224 - Denial of Service in UBB.threads

CVE ID: CVE-2026-54224
Published: June 18, 2026, 12:56 p.m.
Description: UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Severity: 7.1 | HIGH

CVEfeed CVE | 18 Jun 2026

Vulnerability | High
CVE-2026-54223 - Remote Code Execution via arbitrary file read and write in UBB.threads

CVE ID: CVE-2026-54223
Published: June 18, 2026, 12:56 p.m.
Description: UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application's server that the application has privileges to, which results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Severity: 8.6 | HIGH

CVEfeed CVE | 18 Jun 2026

Vulnerability | High
CVE-2026-54222 - Blind SQL Injection in UBB.threads

CVE ID: CVE-2026-54222
Published: June 18, 2026, 12:56 p.m.
Description: UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries through time-based or boolean-based techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Severity: 8.6 | HIGH

CVEfeed CVE | 18 Jun 2026

Vulnerability | High
CVE-2026-54221 - Reflected XSS in UBB.threads

CVE ID: CVE-2026-54221
Published: June 18, 2026, 12:56 p.m.
Description: UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Severity: 5.1 | MEDIUM

CVEfeed CVE | 18 Jun 2026

Vulnerability | High
CVE-2026-54220 - Cross-Site Request Forgery in UBB.threads

CVE ID: CVE-2026-54220
Published: June 18, 2026, 12:56 p.m.
Description: UBB.threads is vulnerable to Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Severity: 8.6 | HIGH

CVEfeed CVE | 18 Jun 2026

Vulnerability | High
CVE-2026-54219 - Stored XSS in UBB.threads

CVE ID: CVE-2026-54219
Published: June 18, 2026, 12:56 p.m.
Description: UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Severity: 5.1 | MEDIUM

CVEfeed CVE | 18 Jun 2026

News
Vulnerabilities in UBB.threads software

CVE ID: CVE-2026-54219
Publication date: 18 June 2026
Vendor: UBB Systems
Product: UBB.threads
Vulnerable versions: All through 7.7.5
Vulnerability type (CWE): Improp ...
Published Date: Jun 18, 2026
Vulnerabilities mentioned in this article: CVE-2026-54224, CVE-2026-54223, CVE-2026-54222, CVE-2026-54221, CVE-2026-54220, CVE-2026-54219

CVEfeed Newsroom | 18 Jun 2026

Vulnerability | High
CVE-2026-11719 - MCP Toolbox for Databases Authorization Bypass

CVE ID: CVE-2026-11719
Published: June 18, 2026, 11:55 a.m.
Description: An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol versions (2025-06-18, 2025-03-26, and 2024-11-05) omit this check. An authenticated client with low-privilege tokens (e.g., read) can bypass the intended per-tool scope restrictions and execute high-privilege tools (e.g., admin) simply by specifying an older protocol version in the MCP-Protocol-Version header, or by omitting the header entirely (which causes the server to default to the vulnerable 2024-11-05 handler).
Severity: 8.6 | HIGH

CVEfeed CVE | 18 Jun 2026

News
Vulnerabilities in LMS software

CVE ID: CVE-2026-40455
Publication date: 18 June 2026
Vendor: LMS
Product: LMS
Vulnerable versions: All before commit 4cb30a7
Vulnerability type (CWE): Improper Neutralizatio ...
Published Date: Jun 18, 2026
Vulnerabilities have been mentioned in this article.

CVEfeed Newsroom | 18 Jun 2026
