Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26239 risultati

VulnerabilitàAlta
CVE-2026-1288 - RFA File Parsing Vulnerability in Autodesk Revit

CVE ID :CVE-2026-1288 Published : June 17, 2026, 3:27 p.m. | 2 hours, 14 minutes ago Description :A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-32748 - Dell PowerFlex Host Header Injection

CVE ID :CVE-2025-32748 Published : June 17, 2026, 3:17 p.m. | 2 hours, 25 minutes ago Description :Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35069 - Dell PowerFlex Manager SQL Injection

CVE ID :CVE-2026-35069 Published : June 17, 2026, 3:10 p.m. | 2 hours, 32 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. Severity: 5.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-35068 - Dell PowerFlex Manager, version(s) [Versions], con

CVE ID :CVE-2026-35068 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. Severity: 3.5 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53875 - picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch

CVE ID :CVE-2026-53875 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load(). Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53874 - picklescan - Arbitrary Code Execution via Obfuscated eval Call

CVE ID :CVE-2026-53874 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle is loaded from untrusted sources. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53873 - picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

CVE ID :CVE-2026-53873 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing attackers to achieve arbitrary code execution via exec(). Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary Python code while picklescan reports zero security issues. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-53872 - picklescan - Arbitrary File Read via Unsafe Pickle Deserialization

CVE ID :CVE-2026-53872 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-3490 - picklescan - Universal Blocklist Bypass via pkgutil.resolve_name

CVE ID :CVE-2026-3490 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-71323 - picklescan - Remote Code Execution via Unblocked ctypes Module

CVE ID :CVE-2025-71323 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-71325 - picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw

CVE ID :CVE-2025-71325 Published : June 17, 2026, 3:05 p.m. | 2 hours, 37 minutes ago Description :picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-71322 - PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

CVE ID :CVE-2025-71322 Published : June 17, 2026, 3:04 p.m. | 2 hours, 37 minutes ago Description :PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026

Pagina 334 di 2187

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.