Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25197 risultati

VulnerabilitàAlta
CVE-2026-12515 - Katello: missing repository authorization in content_uploads exposes cross-product content existence

CVE ID :CVE-2026-12515 Published : June 17, 2026, 3:34 p.m. | 2 hours, 8 minutes ago Description :A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-32652 - Dell AIOps Collector Default Credentials Filesystem Access Vulnerability

CVE ID :CVE-2026-32652 Published : June 17, 2026, 3:29 p.m. | 2 hours, 13 minutes ago Description :Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-1288 - RFA File Parsing Vulnerability in Autodesk Revit

CVE ID :CVE-2026-1288 Published : June 17, 2026, 3:27 p.m. | 2 hours, 14 minutes ago Description :A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-32748 - Dell PowerFlex Host Header Injection

CVE ID :CVE-2025-32748 Published : June 17, 2026, 3:17 p.m. | 2 hours, 25 minutes ago Description :Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35069 - Dell PowerFlex Manager SQL Injection

CVE ID :CVE-2026-35069 Published : June 17, 2026, 3:10 p.m. | 2 hours, 32 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. Severity: 5.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35068 - Dell PowerFlex Manager, version(s) [Versions], con

CVE ID :CVE-2026-35068 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. Severity: 3.5 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53875 - picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch

CVE ID :CVE-2026-53875 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load(). Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53874 - picklescan - Arbitrary Code Execution via Obfuscated eval Call

CVE ID :CVE-2026-53874 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle is loaded from untrusted sources. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53873 - picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

CVE ID :CVE-2026-53873 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing attackers to achieve arbitrary code execution via exec(). Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary Python code while picklescan reports zero security issues. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53872 - picklescan - Arbitrary File Read via Unsafe Pickle Deserialization

CVE ID :CVE-2026-53872 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-3490 - picklescan - Universal Blocklist Bypass via pkgutil.resolve_name

CVE ID :CVE-2026-3490 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-71323 - picklescan - Remote Code Execution via Unblocked ctypes Module

CVE ID :CVE-2025-71323 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026

Pagina 247 di 2100

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.