Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25203 risultati

VulnerabilitàAlta
CVE-2025-59872 - HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

CVE ID :CVE-2025-59872 Published : June 17, 2026, 12:32 p.m. | 1 hour, 9 minutes ago Description :HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-11975 - Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

CVE ID :CVE-2026-11975 Published : June 17, 2026, 12:18 p.m. | 1 hour, 24 minutes ago Description :Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw() Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-62340 - HCL iControl was affected by Inadequate Session Timeout vulnerability

CVE ID :CVE-2025-62340 Published : June 17, 2026, 12:17 p.m. | 1 hour, 25 minutes ago Description :HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity Severity: 3.1 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-37496 - WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulnerability

CVE ID :CVE-2024-37496 Published : June 17, 2026, 12:13 p.m. | 1 hour, 28 minutes ago Description :Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-37210 - WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability

CVE ID :CVE-2024-37210 Published : June 17, 2026, 12:11 p.m. | 1 hour, 30 minutes ago Description :Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-35690 - WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability

CVE ID :CVE-2024-35690 Published : June 17, 2026, 12:05 p.m. | 1 hour, 37 minutes ago Description :Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-35648 - WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability

CVE ID :CVE-2024-35648 Published : June 17, 2026, 12:03 p.m. | 1 hour, 38 minutes ago Description :Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-33909 - WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

CVE ID :CVE-2024-33909 Published : June 17, 2026, 12:02 p.m. | 1 hour, 40 minutes ago Description :Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-32949 - WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability

CVE ID :CVE-2024-32949 Published : June 17, 2026, 11:57 a.m. | 1 hour, 45 minutes ago Description :Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8. Severity: 8.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-32729 - WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability

CVE ID :CVE-2024-32729 Published : June 17, 2026, 11:53 a.m. | 1 hour, 49 minutes ago Description :Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-11858 - Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM

CVE ID :CVE-2026-11858 Published : June 17, 2026, 11:50 a.m. | 1 hour, 51 minutes ago Description :Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation. Severity: 8.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-24709 - WordPress Shareaholic plugin <= 9.7.11 - Broken Access Control vulnerability

CVE ID :CVE-2024-24709 Published : June 17, 2026, 11:42 a.m. | 2 hours ago Description :Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026

Pagina 251 di 2101

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.