Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26263 risultati

VulnerabilitàAlta
CVE-2026-48117 - DroneAware's Improper Account Activation in Registration and SSO Flows Leads to Account Takeover

CVE ID :CVE-2026-48117 Published : June 17, 2026, 2:02 p.m. | 1 hour, 39 minutes ago Description :DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed account activation. When the legitimate owner later activated the account, either by clicking the email verification link or by logging in via Google SSO, the attacker-set password became fully valid, enabling silent and persistent account takeover without any notification to the victim. The vulnerability was fixed server-side on 2025-05-20; no user action is required. Node binaries and self-hosted detection nodes are not affected. There are no workarounds; the fix was deployed server-side and no client-side mitigation is applicable. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-54809 - WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability

CVE ID :CVE-2026-54809 Published : June 17, 2026, 1:51 p.m. | 1 hour, 50 minutes ago Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-54808 - WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability

CVE ID :CVE-2026-54808 Published : June 17, 2026, 1:51 p.m. | 1 hour, 51 minutes ago Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-69189 - WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability

CVE ID :CVE-2025-69189 Published : June 17, 2026, 1:49 p.m. | 1 hour, 53 minutes ago Description :Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3. Severity: 7.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-59872 - HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

CVE ID :CVE-2025-59872 Published : June 17, 2026, 12:32 p.m. | 1 hour, 9 minutes ago Description :HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2026-11975 - Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

CVE ID :CVE-2026-11975 Published : June 17, 2026, 12:18 p.m. | 1 hour, 24 minutes ago Description :Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw() Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2025-62340 - HCL iControl was affected by Inadequate Session Timeout vulnerability

CVE ID :CVE-2025-62340 Published : June 17, 2026, 12:17 p.m. | 1 hour, 25 minutes ago Description :HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity Severity: 3.1 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-37496 - WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulnerability

CVE ID :CVE-2024-37496 Published : June 17, 2026, 12:13 p.m. | 1 hour, 28 minutes ago Description :Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-37210 - WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability

CVE ID :CVE-2024-37210 Published : June 17, 2026, 12:11 p.m. | 1 hour, 30 minutes ago Description :Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-35690 - WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability

CVE ID :CVE-2024-35690 Published : June 17, 2026, 12:05 p.m. | 1 hour, 37 minutes ago Description :Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-35648 - WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability

CVE ID :CVE-2024-35648 Published : June 17, 2026, 12:03 p.m. | 1 hour, 38 minutes ago Description :Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026
VulnerabilitàAlta
CVE-2024-33909 - WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

CVE ID :CVE-2024-33909 Published : June 17, 2026, 12:02 p.m. | 1 hour, 40 minutes ago Description :Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE17 giu 2026

Pagina 339 di 2189

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.