Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

25792 risultati

VulnerabilitàAlta
CVE-2026-10649 (CVSS 8.6)

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.

NVD (NIST)16 giu 2026
VulnerabilitàAlta
CVE-2025-71261 - Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

CVE ID :CVE-2025-71261 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2024-38487 - API Gateway Container Privilege Escalation

CVE ID :CVE-2024-38487 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions. Severity: 7.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2024-30476 - Dell PowerStore Stored Cross-Site Scripting

CVE ID :CVE-2024-30476 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2024-24909 - Dell OpenManage Integration RCE via Gateway Plugin

CVE ID :CVE-2024-24909 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2024-22451 - Dell Peripheral Manager Uncontrolled Search Path Element Vulnerability

CVE ID :CVE-2024-22451 Published : June 16, 2026, 5:16 p.m. | 25 minutes ago Description :Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution. Severity: 6.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-9307 - Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

CVE ID :CVE-2026-9307 Published : June 16, 2026, 3:16 p.m. | 2 hours, 25 minutes ago Description :A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-48780 - Forem vulnerable to bypass of email address domain restrictions

CVE ID :CVE-2026-48780 Published : June 16, 2026, 3:16 p.m. | 2 hours, 25 minutes ago Description :Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of `a2ab6d4`. As a workaround, some SMTP servers and email delivery providers may drop or refuse to send maliciously crafted email addresses. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-47684 - Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP

CVE ID :CVE-2026-47684 Published : June 16, 2026, 3:16 p.m. | 2 hours, 25 minutes ago Description :Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Version 2.3.0 fixes the issue. Severity: 7.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-12398 (CVSS 7.5)

A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who controls a git repository can create a branch or tag with shell metacharacters in the name to achieve remote code execution on the pulp worker. The vulnerable endpoint is only reachable when GALAXY_ENABLE_LEGACY_ROLES is set to True, which is not the default configuration.

NVD (NIST)16 giu 2026
VulnerabilitàAlta
CVE-2026-12398 - Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

CVE ID :CVE-2026-12398 Published : June 16, 2026, 3:16 p.m. | 2 hours, 25 minutes ago Description :A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who controls a git repository can create a branch or tag with shell metacharacters in the name to achieve remote code execution on the pulp worker. The vulnerable endpoint is only reachable when GALAXY_ENABLE_LEGACY_ROLES is set to True, which is not the default configuration. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026
VulnerabilitàAlta
CVE-2026-11317 - Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP

CVE ID :CVE-2026-11317 Published : June 16, 2026, 3:16 p.m. | 2 hours, 25 minutes ago Description :A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE16 giu 2026

Pagina 316 di 2150

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.