Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25197 risultati

VulnerabilitàAlta
CVE-2025-71325 - picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw

CVE ID :CVE-2025-71325 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-71322 - PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

CVE ID :CVE-2025-71322 Published : June 17, 2026, 3:04 p.m. | 2 hours, 37 minutes ago Description :PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-71320 - picklescan - Remote Code Execution via Incomplete Disallowed Inputs

CVE ID :CVE-2025-71320 Published : June 17, 2026, 3:04 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-71321 - picklescan - Arbitrary File Writing via distutils Module Bypass

CVE ID :CVE-2025-71321 Published : June 17, 2026, 3:04 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35066 - Dell PowerFlex Manager Improper Access Control Denial of Service

CVE ID :CVE-2026-35066 Published : June 17, 2026, 2:58 p.m. | 2 hours, 43 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35067 - Dell PowerFlex Manager Improper Access Control

CVE ID :CVE-2026-35067 Published : June 17, 2026, 2:53 p.m. | 2 hours, 49 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access. Severity: 5.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35162 - Dell PowerFlex Manager Improper Access Control Denial of Service

CVE ID :CVE-2026-35162 Published : June 17, 2026, 2:48 p.m. | 2 hours, 54 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35065 - Dell PowerFlex Manager Missing Authentication for Critical Function

CVE ID :CVE-2026-35065 Published : June 17, 2026, 2:42 p.m. | 1 hour ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-10850 - Plane 1.3.1 - Stored XSS in intake issue description_html

CVE ID :CVE-2026-10850 Published : June 17, 2026, 2:39 p.m. | 1 hour, 2 minutes ago Description :Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-32804 - Dell PowerFlex Manager Improper Authentication

CVE ID :CVE-2026-32804 Published : June 17, 2026, 2:36 p.m. | 1 hour, 5 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-47103 - Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection

CVE ID :CVE-2026-47103 Published : June 17, 2026, 2:32 p.m. | 1 hour, 10 minutes ago Description :Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted `` attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings through a call chain ending in Python's built-in eval() without sandboxing, enabling arbitrary code execution in the context of the hosting process. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-49502 - Dell PowerFlex Manager Improper Authentication

CVE ID :CVE-2026-49502 Published : June 17, 2026, 2:30 p.m. | 1 hour, 12 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access. Severity: 7.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026

Pagina 248 di 2100

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.