News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
26359 risultati
CVE ID :CVE-2026-39574 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated SQL Injection in InPost Gallery Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52712 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Subscriber SQL Injection in Attendance Manager Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52711 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in WooCommerce POS Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49774 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. Severity: 9.9 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10825 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39437 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-2381 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or order_key verification when processing payment for an order via the `wc_stripe_pay_for_order` WC-AJAX endpoint. The function only validates a nonce (which is publicly available on any WooCommerce page where Express Checkout is enabled), but does not verify that the requesting user owns the target order and is allowed to modify it. This makes it possible for unauthenticated attackers to force any pending order into a failed status by providing a fake payment method, causing a payment exception that updates the order status to "failed" via sequential order ID enumeration. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-68045 Published : June 16, 2026, 10:16 a.m. | 1 hour, 25 minutes ago Description :Unauthenticated Broken Access Control in WP Event SOlution Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
'Kritiek lek in Fortinet FortiSandbox na aantal dagen al misbruikt bij aanvallen' Een kritieke kwetsbaarheid in Fortinet FortiSandbox is een aantal dagen na de bekendmaking al misbruikt bij aanvallen, zo meldt securitybedrijf Defused. Fortinet kwam op 9 juni met beveiligingsupdates ... Read more Published Date: Jun 16, 2026 (3 days, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-25089 CVE-2026-39813 CVE-2026-39808
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally m ... Read more Published Date: Jun 16, 2026 (3 days, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2023-24932
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenating each array element directly into a `WHERE id IN ( ... )` clause without quoting and executing via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE ID :CVE-2025-9912 Published : June 16, 2026, 8:16 a.m. | 1 hour, 25 minutes ago Description :Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 369 di 2197