News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
25278 risultati
CVE ID :CVE-2026-48055 Published : June 16, 2026, 9:17 p.m. | 4 hours, 24 minutes ago Description :Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11409 Published : June 16, 2026, 9:03 p.m. | 4 hours, 38 minutes ago Description :An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11410 Published : June 16, 2026, 9:03 p.m. | 4 hours, 39 minutes ago Description :An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49113 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Subscriber Arbitrary Code Execution in Cornerstone Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49080 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated SQL Injection in wpDataTables Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49057 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated Broken Access Control in JobSearch Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40761 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Valeska Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48869 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Enfold Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40760 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Behold Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40759 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Esmée Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40758 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Léonie Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48777 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 267 di 2107