News & Sicurezza

Nation-State Cyber Operations: Integrated Threat Intelligence Assessment 4/8/2026 Executive Overview The current nation-state cyber threat environment reflects a transition from episodic intrusion activity to a persistent, multi-domain operational model in which access, positioning ... Read more Published Date: Apr 08, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-21509

CVE ID :CVE-2026-5795 Published : April 8, 2026, 2:16 p.m. | 1 hour, 39 minutes ago Description :In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation. Severity: 7.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-2509 Published : April 8, 2026, 2:16 p.m. | 1 hour, 39 minutes ago Description :The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayer_xss_content' XSS filtering function, which blocks common, but not all, event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2025-14816 Published : April 8, 2026, 2:16 p.m. | 1 hour, 39 minutes ago Description :Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Firecracker Security Alert: Virtio-PCI Vulnerability Could Lead to Out-of-Bounds Memory Access AWS has issued a high-severity security advisory for Firecracker, the open-source virtualization technology purpose-built for high-scale, multi-tenant services like AWS Lambda and Fargate. The vulnera ... Read more Published Date: Apr 08, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-5747 CVE-2026-24156 CVE-2026-22679 CVE-2026-34208 CVE-2026-35616 CVE-2026-5281 CVE-2026-3502 CVE-2025-54122 CVE-2025-2172 CVE-2025-2171 CVE-2025-4679

CVE ID :CVE-2026-5301 Published : April 8, 2026, 1:16 p.m. | 39 minutes ago Description :Stored XSS in log viewer in CoolerControl/coolercontrol-ui Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5600 Published : April 8, 2026, 1:16 p.m. | 39 minutes ago Description :A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those they should not have access to. These records contain information on the time and result of every ticket scan as well as the ID of the matched ticket. Example: { "id": 123, "successful": true, "error_reason": null, "error_explanation": null, "position": 321, "datetime": "2020-08-23T09:00:00+02:00", "list": 456, "created": "2020-08-23T09:00:00+02:00", "auto_checked_in": false, "gate": null, "device": 1, "device_id": 1, "type": "entry" } An unauthorized user usually has no way to match these IDs (position) back to individual people. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5300 Published : April 8, 2026, 1:16 p.m. | 39 minutes ago Description :Unauthenticated functionality in CoolerControl/coolercontrold Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5302 Published : April 8, 2026, 1:16 p.m. | 39 minutes ago Description :CORS misconfiguration in CoolerControl/coolercontrold Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-4402 Published : April 8, 2026, 1:16 p.m. | 39 minutes ago Description :Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-28261 Published : April 8, 2026, 1:16 p.m. | 39 minutes ago Description :Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-27102 Published : April 8, 2026, 1:16 p.m. | 39 minutes ago Description :Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. Severity: 6.6 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...