News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
25428 risultati
CVE ID :CVE-2026-52715 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated SQL Injection in GEO my WordPress Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49772 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39581 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39574 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated SQL Injection in InPost Gallery Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39490 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in JupiterX Core Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40809 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52712 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Subscriber SQL Injection in Attendance Manager Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49774 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. Severity: 9.9 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52711 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in WooCommerce POS Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10825 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39437 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-2381 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or order_key verification when processing payment for an order via the `wc_stripe_pay_for_order` WC-AJAX endpoint. The function only validates a nonce (which is publicly available on any WooCommerce page where Express Checkout is enabled), but does not verify that the requesting user owns the target order and is allowed to modify it. This makes it possible for unauthenticated attackers to force any pending order into a failed status by providing a fake payment method, causing a payment exception that updates the order status to "failed" via sequential order ID enumeration. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 291 di 2119