Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26384 risultati

VulnerabilitàAlta
CVE-2026-8683 - Overly long URLs crash the Mattermost Desktop App

CVE ID :CVE-2026-8683 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Mattermost Desktop App versions Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-10634 - Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback

CVE ID :CVE-2026-10634 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp_lock while invoking the per-connection callback and re-acquired it afterwards. During that window a concurrent tcp_conn_release(), running on the dedicated TCP work-queue thread when a connection's reference count drops to zero (e.g. a remote peer closing or resetting the connection), can remove and k_mem_slab_free() the cached next connection. When the iterator advances it dereferences the freed (and possibly reallocated) slab memory — a use-after-free that can crash the system (denial of service) and, if the slot has been reused, cause the callback to operate on an attacker-influenced object (potential information disclosure or further fault). net_tcp_foreach() is reached in production via the 'net conn' network shell command and via net_tcp_close_all_for_iface() on interface-down; the freeing side is driven by ordinary TCP traffic. The fix moves the connection/context teardown in tcp_conn_release() inside the tcp_lock critical section and keeps tcp_lock held across the callback in net_tcp_foreach(). The defect was introduced with the modern (TCP2) stack in 2020 and affects releases up to and including v4.4.0. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2025-15659 - WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

CVE ID :CVE-2025-15659 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Contributor Cross Site Scripting (XSS) in Elizaibots Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2025-15658 - WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability

CVE ID :CVE-2025-15658 Published : June 15, 2026, 4:16 p.m. | 1 hour, 25 minutes ago Description :Administrator Cross Site Scripting (XSS) in WP Emmet Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
News
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Lab ... Read more Published Date: Jun 15, 2026 (3 days, 2 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2026-42824 CVE-2025-32711

CVEfeed Newsroom15 giu 2026
News
Microsoft 365 Copilot-lek maakte via één click diefstal e-mails mogelijk

Microsoft 365 Copilot-lek maakte via één click diefstal e-mails mogelijk Een kritieke kwetsbaarheid in Microsoft 365 Copilot maakte het mogelijk om door middel van één click van een slachtoffer e-mails en bestanden uit zijn mailbox, SharePoint en OneDrive te stelen en toeg ... Read more Published Date: Jun 15, 2026 (3 days, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-42824

CVEfeed Newsroom15 giu 2026
VulnerabilitàAlta
CVE-2026-5242 (CVSS 8.8)

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-5233 (CVSS 7.1)

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-5230 (CVSS 7.1)

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-5242 - Code Injection in Mia Technologies' Pizzy Library

CVE ID :CVE-2026-5242 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-5233 - Missing Rate Limiting in Mia Technologies' Pizzy Library

CVE ID :CVE-2026-5233 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-5230 - Improper Access Control in Mia Technologies' Pizzy Library

CVE ID :CVE-2026-5230 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026

Pagina 381 di 2199

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.