News & Sicurezza

CVE ID :CVE-2026-47153 Published : June 25, 2026, 1:42 p.m. | 2 hours, 2 minutes ago Description :In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-47152 Published : June 25, 2026, 1:41 p.m. | 2 hours, 3 minutes ago Description :In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33612 Published : June 25, 2026, 12:58 p.m. | 46 minutes ago Description :A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories It’s dumb out there again.This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks ju ... Read more Published Date: Jun 25, 2026 (2 days, 21 hours ago) Vulnerabilities has been mentioned in this article.

CVE ID :CVE-2026-42004 Published : June 25, 2026, 12:24 p.m. | 1 hour, 20 minutes ago Description :An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter. Severity: 3.7 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-40211 Published : June 25, 2026, 12:23 p.m. | 1 hour, 20 minutes ago Description :An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-40210 Published : June 25, 2026, 12:23 p.m. | 1 hour, 21 minutes ago Description :An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-40209 Published : June 25, 2026, 12:23 p.m. | 1 hour, 21 minutes ago Description :An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-40208 Published : June 25, 2026, 12:22 p.m. | 1 hour, 22 minutes ago Description :An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame. Severity: 3.7 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-40011 Published : June 25, 2026, 12:22 p.m. | 1 hour, 22 minutes ago Description :An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires. Severity: 3.7 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-42005 Published : June 25, 2026, 11:57 a.m. | 1 hour, 47 minutes ago Description :An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Curl patcht recordaantal kwetsbaarheden, waaronder 25 jaar oud lek De ontwikkelaars van Curl hebben met de nieuwste versie een recordaantal kwetsbaarheden in de software verholpen, waaronder een 25 jaar oud beveiligingslek. Dat heeft Curl-maintainer Daniel Stenberg l ... Read more Published Date: Jun 25, 2026 (2 days, 23 hours ago) Vulnerabilities has been mentioned in this article.