Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25757 risultati

VulnerabilitàAlta
CVE-2026-11409 - OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

CVE ID :CVE-2026-11409 Published : June 16, 2026, 9:03 p.m. | 4 hours, 38 minutes ago Description :An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-11410 - OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

CVE ID :CVE-2026-11410 Published : June 16, 2026, 9:03 p.m. | 4 hours, 39 minutes ago Description :An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-49113 - WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

CVE ID :CVE-2026-49113 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Subscriber Arbitrary Code Execution in Cornerstone Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-49080 - WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

CVE ID :CVE-2026-49080 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated SQL Injection in wpDataTables Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-49057 - WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

CVE ID :CVE-2026-49057 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated Broken Access Control in JobSearch Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40761 - WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40761 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Valeska Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-48869 - WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

CVE ID :CVE-2026-48869 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Enfold Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40759 - WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40759 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Esmée Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40760 - WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40760 Published : June 16, 2026, 8:57 p.m. | 4 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Behold Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-40758 - WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

CVE ID :CVE-2026-40758 Published : June 16, 2026, 8:57 p.m. | 2 hours, 44 minutes ago Description :Unauthenticated PHP Object Injection in Léonie Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-48777 - FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory

CVE ID :CVE-2026-48777 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-47750 - stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

CVE ID :CVE-2026-47750 Published : June 16, 2026, 8:16 p.m. | 1 hour, 25 minutes ago Description :stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026

Pagina 307 di 2147

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.