News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
26384 risultati
CVE ID :CVE-2026-8683 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Mattermost Desktop App versions Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10634 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp_lock while invoking the per-connection callback and re-acquired it afterwards. During that window a concurrent tcp_conn_release(), running on the dedicated TCP work-queue thread when a connection's reference count drops to zero (e.g. a remote peer closing or resetting the connection), can remove and k_mem_slab_free() the cached next connection. When the iterator advances it dereferences the freed (and possibly reallocated) slab memory — a use-after-free that can crash the system (denial of service) and, if the slot has been reused, cause the callback to operate on an attacker-influenced object (potential information disclosure or further fault). net_tcp_foreach() is reached in production via the 'net conn' network shell command and via net_tcp_close_all_for_iface() on interface-down; the freeing side is driven by ordinary TCP traffic. The fix moves the connection/context teardown in tcp_conn_release() inside the tcp_lock critical section and keeps tcp_lock held across the callback in net_tcp_foreach(). The defect was introduced with the modern (TCP2) stack in 2020 and affects releases up to and including v4.4.0. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-15659 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Contributor Cross Site Scripting (XSS) in Elizaibots Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-15658 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Administrator Cross Site Scripting (XSS) in WP Emmet Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Lab ... Read more Published Date: Jun 15, 2026 (3 days, 2 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2026-42824 CVE-2025-32711
Microsoft 365 Copilot-lek maakte via één click diefstal e-mails mogelijk Een kritieke kwetsbaarheid in Microsoft 365 Copilot maakte het mogelijk om door middel van één click van een slachtoffer e-mails en bestanden uit zijn mailbox, SharePoint en OneDrive te stelen en toeg ... Read more Published Date: Jun 15, 2026 (3 days, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-42824
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
CVE ID :CVE-2026-5242 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5233 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5230 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 381 di 2199