News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
25675 risultati
CVE ID :CVE-2026-49073 Published : June 16, 2026, 9:23 p.m. | 4 hours, 19 minutes ago Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48055 Published : June 16, 2026, 9:17 p.m. | 4 hours, 24 minutes ago Description :Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11409 Published : June 16, 2026, 9:03 p.m. | 4 hours, 38 minutes ago Description :An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11410 Published : June 16, 2026, 9:03 p.m. | 4 hours, 39 minutes ago Description :An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49113 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Subscriber Arbitrary Code Execution in Cornerstone Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49080 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated SQL Injection in wpDataTables Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49057 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated Broken Access Control in JobSearch Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48869 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Enfold Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40761 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Valeska Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40759 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Esmée Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40760 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Behold Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40758 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Léonie Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 300 di 2140