News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
25411 risultati
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent (Agent+) to overwrite a WordPress Administrator's password without ever invoking an Administrator-only API. This makes it possible for authenticated attackers, with Agent access and above, to elevate their privileges to Administrator.
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.
CVE ID :CVE-2026-52715 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated SQL Injection in GEO my WordPress Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54198 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54190 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in Envira Photo Gallery Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54191 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Pods Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-54197 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Sensitive Data Exposure in GetGenie Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52714 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40809 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39490 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in JupiterX Core Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39574 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated SQL Injection in InPost Gallery Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39581 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 289 di 2118