Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25385 risultati

VulnerabilitàAlta
CVE-2026-53840 (CVSS 7.1)

OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate sensitive headers like API keys or tenant-routing credentials to attacker-controlled origins.

NVD (NIST)16 giu 2026
VulnerabilitàAlta
CVE-2026-50656 (CVSS 7.8)

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

NVD (NIST)16 giu 2026
VulnerabilitàAlta
CVE-2026-47964 (CVSS 7.8)

DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NVD (NIST)16 giu 2026
News
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastr ... Read more Published Date: Jun 16, 2026 (5 days, 18 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2026-2473

CVEfeed Newsroom16 giu 2026
VulnerabilitàCritica
CVE-2026-53776 (CVSS 9.1)

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_decode helper within the stdlib JWT verification path. Attackers in possession of a previously issued bearer token can present expired tokens to any jwt.verify() call and retain authenticated access indefinitely, bypassing force-expired sessions such as user logout or administrative revocation.

NVD (NIST)16 giu 2026
VulnerabilitàAlta
CVE-2026-39926 - Rejected reason: This CVE ID has been rejected or

CVE ID :CVE-2026-39926 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-44932 - indirect remote shell command injection via unsanitized DHCP options in wicked

CVE ID :CVE-2026-44932 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-42089 - yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

CVE ID :CVE-2026-42089 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation and code execution during CLI bootstrap. The vulnerable method is installLocalGenerators(), which calls repository.install() directly without prompting the user. This issue has been fixed in version 6.0.0. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-39927 - Rejected reason: This CVE ID has been rejected or

CVE ID :CVE-2026-39927 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-24155 - NVIDIA NeMo Code Injection

CVE ID :CVE-2026-24155 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-24228 - NVIDIA NeMo Framework Deserialization Vulnerability

CVE ID :CVE-2026-24228 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-12412 - Rejected reason: loading template...

CVE ID :CVE-2026-12412 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :Rejected reason: loading template... Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026

Pagina 281 di 2116

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.