Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25295 risultati

VulnerabilitàAlta
CVE-2026-40761 - WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40761 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Valeska Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40759 - WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40759 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Esmée Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40760 - WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40760 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Behold Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40758 - WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40758 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Léonie Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-48777 - FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory

CVE ID :CVE-2026-48777 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-47750 - stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

CVE ID :CVE-2026-47750 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-47747 - stable-diffusion.cpp has a Heap-based Buffer Overflow

CVE ID :CVE-2026-47747 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-46448 - OpenStack Nova Server Create API Information Leak

CVE ID :CVE-2026-46448 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-12425 - Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10

CVE ID :CVE-2026-12425 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it be eval()'d in the page and execute in the context of the user. Severity: 5.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-22312 - Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector

CVE ID :CVE-2026-22312 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot). Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-22313 - OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector

CVE ID :CVE-2026-22313 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-12117 - Devolutions Server Improper Access Control

CVE ID :CVE-2026-12117 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026

Pagina 269 di 2108

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.