Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the leading European cybersecurity sources. Everything a Technical Manager needs to know.

13940 results

Vulnerability: High
CVE-2026-4079 - SQL Chart Builder < 2.3.8 - Unauthenticated SQL Injection

CVE ID: CVE-2026-4079
Published: April 7, 2026, 7:16 a.m. | 4 hours, 39 minutes ago
Description: The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatenated into SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality.
Severity: 0.0 | NA

CVEfeed CVE, 07 Apr 2026
News
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and ...
Published Date: Apr 07, 2026 (22 hours, 19 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-3055, CVE-2026-1731, CVE-2026-23760, CVE-2025-52691, CVE-2025-53521, CVE-2025-10035, CVE-2025-31161, CVE-2024-57728, CVE-2024-57727, CVE-2024-57726, CVE-2024-27199, CVE-2024-27198, CVE-2024-1709, CVE-2024-1708, CVE-2024-21887, CVE-2023-46805, CVE-2023-27351, CVE-2023-27350, CVE-2023-21529

CVEfeed Newsroom, 07 Apr 2026
News
FortiClientEMS Vulnerabilities Under Active Exploitation, Expose Systems to RCE

A newly disclosed set of vulnerabilities affecting Fortinet’s endpoint management platform has raised serious concerns among cybersecurity professionals, particularly as both flaws are already being a ...
Published Date: Apr 07, 2026 (22 hours, 28 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-35616, CVE-2026-21643

CVEfeed Newsroom, 07 Apr 2026
Vulnerability: High
CVE-2025-65116 - Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM

CVE ID: CVE-2025-65116
Published: April 7, 2026, 6:16 a.m. | 5 hours, 39 minutes ago
Description: Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows. This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity: 5.5 | MEDIUM

CVEfeed CVE, 07 Apr 2026
News
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question ...
Published Date: Apr 07, 2026 (20 hours, 58 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-3055, CVE-2025-53521, CVE-2025-59528, CVE-2025-8943, CVE-2025-26319

CVEfeed Newsroom, 07 Apr 2026
Vulnerability: High
CVE-2026-1839 - Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

CVE ID: CVE-2026-1839
Published: April 7, 2026, 6:16 a.m. | 5 hours, 39 minutes ago
Description: A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.
Severity: 6.5 | MEDIUM

CVEfeed CVE, 07 Apr 2026
Vulnerability: High
CVE-2025-65115 - Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM

CVE ID: CVE-2025-65115
Published: April 7, 2026, 6:16 a.m. | 5 hours, 39 minutes ago
Description: Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows. This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity: 8.8 | HIGH

CVEfeed CVE, 07 Apr 2026
Vulnerability: Critical
CVE-2026-0740 (CVSS 9.8)

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.

NVD (NIST), 07 Apr 2026
Vulnerability: High
CVE-2026-0740 - Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload

CVE ID: CVE-2026-0740
Published: April 7, 2026, 5:16 a.m. | 6 hours, 39 minutes ago
Description: The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.
Severity: 9.8 | CRITICAL

CVEfeed CVE, 07 Apr 2026
News
Android Security Bulletin April 2026: Critical Framework Patch Targets “Zero-Interaction” DoS Vulnerability

Google has released its Android Security Bulletin for April 2026, delivering a suite of critical security fixes for the world’s most popular mobile operating system. The update is divided into two dis ...
Published Date: Apr 07, 2026 (16 hours, 28 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-0049, CVE-2025-48651, CVE-2026-35616, CVE-2026-5281, CVE-2026-3502, CVE-2026-33032, CVE-2026-21385, CVE-2026-21962

CVEfeed Newsroom, 07 Apr 2026
Vulnerability: High
CVE-2026-20446 - "Microsoft Secure Boot integer overflow allows local denial of service and physical device compromise"

CVE ID: CVE-2026-20446
Published: April 7, 2026, 4:17 a.m. | 7 hours, 38 minutes ago
Description: In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899.
Severity: 0.0 | NA

CVEfeed CVE, 07 Apr 2026
Vulnerability: High
CVE-2026-20433 - Huawei Modem Out-of-Bounds Write Privilege Escalation

CVE ID: CVE-2026-20433
Published: April 7, 2026, 4:17 a.m. | 7 hours, 38 minutes ago
Description: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Severity: 0.0 | NA

CVEfeed CVE, 07 Apr 2026
