News & Sicurezza

CVE ID :CVE-2026-57536 Published : June 25, 2026, 2:08 p.m. | 1 hour, 36 minutes ago Description :Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-13222 Published : June 25, 2026, 2:07 p.m. | 1 hour, 37 minutes ago Description :Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-13223 Published : June 25, 2026, 2:03 p.m. | 1 hour, 41 minutes ago Description :Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-13314 Published : June 25, 2026, 1:53 p.m. | 1 hour, 51 minutes ago Description :Malicious HTML content could be injected into the content rendered by the pretix-digital plugin. Severity: 2.0 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-6432 Published : June 25, 2026, 1:49 p.m. | 1 hour, 55 minutes ago Description :Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-46735 Published : June 25, 2026, 1:48 p.m. | 1 hour, 56 minutes ago Description :Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-57587 Published : June 25, 2026, 1:47 p.m. | 1 hour, 57 minutes ago Description :A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-57588 Published : June 25, 2026, 1:47 p.m. | 1 hour, 57 minutes ago Description :A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-46734 Published : June 25, 2026, 1:43 p.m. | 2 hours, 1 minute ago Description :Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Severity: 7.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-47154 Published : June 25, 2026, 1:43 p.m. | 2 hours, 1 minute ago Description :In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-47153 Published : June 25, 2026, 1:42 p.m. | 2 hours, 2 minutes ago Description :In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-47152 Published : June 25, 2026, 1:41 p.m. | 2 hours, 3 minutes ago Description :In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...