News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
25210 risultati
CVE ID :CVE-2026-10837 Published : June 17, 2026, 11:11 a.m. | 2 hours, 31 minutes ago Description :Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10836 Published : June 17, 2026, 11:10 a.m. | 2 hours, 31 minutes ago Description :Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5667 Published : June 17, 2026, 10:53 a.m. | 2 hours, 48 minutes ago Description :Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside Japan); Refrigerators (for Japan); Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan); Bathroom Dryer / Heater / Ventilation Systems (for Japan); Adapters for Airflow Ventilation Systems, Heat Pump Chilled / Hot Water Systems, and Ventilation / Air-Conditioning System Air Resorts (for Japan); Lossnay Central Ventilation Systems (for Japan); Smart Switches for Ventilation Fans and Lossnay (for Japan); IH Cooking Heaters (for Japan); and Rice Cookers (for Japan) allows an attacker within Wi-Fi radio range of an affected product to access the affected product using a hard-coded SSID and password, thereby obtaining device data such as operation status, room set temperature, and room temperature; changing the air-conditioner or Wi-Fi settings; or causing Wi-Fi communication to enter a denial-of-service (DoS) condition. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2024-34810 Published : June 17, 2026, 10:25 a.m. | 3 hours, 17 minutes ago Description :Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Bluetooth-lek in Apple Beats Studio Buds maakt afluisteren gebruikers mogelijk Een bluetooth-kwetsbaarheid in de Beats Studio Buds van Apple maakt het afluisteren van gebruikers mogelijk. Apple heeft een firmware-update uitgebracht om het probleem te verhelpen. "Een aanvaller bi ... Read more Published Date: Jun 17, 2026 (5 days, 9 hours ago) Vulnerabilities has been mentioned in this article. CVE-2025-20701
CVE ID :CVE-2026-12491 Published : June 17, 2026, 10:07 a.m. | 3 hours, 35 minutes ago Description :A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Joomla-websites aangevallen via kritiek beveiligingslek in JCE-editor Een kritieke kwetsbaarheid in de Joomla Content Editor (JCE) wordt actief misbruikt om Joomla-websites mee aan te vallen, zo waarschuwen de ontwikkelaars en de Amerikaanse en Italiaanse autoriteiten. ... Read more Published Date: Jun 17, 2026 (5 days, 7 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-48907
CVE ID :CVE-2026-54811 Published : June 17, 2026, 9:51 a.m. | 3 hours, 50 minutes ago Description :Unauthenticated SQL Injection in WP eMember Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54807 Published : June 17, 2026, 9:51 a.m. | 3 hours, 50 minutes ago Description :Unauthenticated Privilege Escalation in Registration Form for WooCommerce Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54806 Published : June 17, 2026, 9:51 a.m. | 3 hours, 50 minutes ago Description :Unauthenticated PHP Object Injection in WP Activity Log Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54805 Published : June 17, 2026, 9:51 a.m. | 1 hour, 50 minutes ago Description :Subscriber Privilege Escalation in Falang multilanguage Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54804 Published : June 17, 2026, 9:51 a.m. | 1 hour, 50 minutes ago Description :Subscriber Broken Authentication in Melhor Envio Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 253 di 2101