Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25436 risultati

VulnerabilitàAlta
CVE-2026-39490 - WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

CVE ID :CVE-2026-39490 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in JupiterX Core Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40809 - WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability

CVE ID :CVE-2026-40809 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-52712 - WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

CVE ID :CVE-2026-52712 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Subscriber SQL Injection in Attendance Manager Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-49774 - WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability

CVE ID :CVE-2026-49774 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. Severity: 9.9 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-52711 - WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

CVE ID :CVE-2026-52711 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in WooCommerce POS Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-10825 - Improper JSON Input Validation in WebSocket API Leads to Denial of Service

CVE ID :CVE-2026-10825 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-39437 - WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

CVE ID :CVE-2026-39437 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-2381 - WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter

CVE ID :CVE-2026-2381 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or order_key verification when processing payment for an order via the `wc_stripe_pay_for_order` WC-AJAX endpoint. The function only validates a nonce (which is publicly available on any WooCommerce page where Express Checkout is enabled), but does not verify that the requesting user owns the target order and is allowed to modify it. This makes it possible for unauthenticated attackers to force any pending order into a failed status by providing a fake payment method, causing a payment exception that updates the order status to "failed" via sequential order ID enumeration. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2025-68045 - WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability

CVE ID :CVE-2025-68045 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in WP Event SOlution Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
News
'Kritiek lek in Fortinet FortiSandbox na aantal dagen al misbruikt bij aanvallen'

'Kritiek lek in Fortinet FortiSandbox na aantal dagen al misbruikt bij aanvallen' Een kritieke kwetsbaarheid in Fortinet FortiSandbox is een aantal dagen na de bekendmaking al misbruikt bij aanvallen, zo meldt securitybedrijf Defused. Fortinet kwam op 9 juni met beveiligingsupdates ... Read more Published Date: Jun 16, 2026 (3 days, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-25089 CVE-2026-39813 CVE-2026-39808

CVEfeed Newsroom16 giu 2026
News
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally m ... Read more Published Date: Jun 16, 2026 (3 days, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2023-24932

CVEfeed Newsroom16 giu 2026
VulnerabilitàAlta
CVE-2026-8444 (CVSS 8.8)

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenating each array element directly into a `WHERE id IN ( ... )` clause without quoting and executing via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

NVD (NIST)16 giu 2026

Pagina 292 di 2120

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.