News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
26425 risultati
CVE ID :CVE-2026-34023 Published : June 15, 2026, 12:16 p.m. | 1 hour, 25 minutes ago Description :The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-34024 Published : June 15, 2026, 12:16 p.m. | 1 hour, 25 minutes ago Description :The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12057 Published : June 15, 2026, 12:16 p.m. | 1 hour, 25 minutes ago Description :When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
VeraCrypt meldt probleem met plausible deniability van hidden volumes maandag 15 juni 2026, 14:15 door Redactie, 1 reactiesLaatst bijgewerkt: Vandaag, 15:40 Er is een nieuwe versie van encryptiesoftware VeraCrypt verschenen, maar dit kan voor problemen zorgen met de pla ... Read more Published Date: Jun 15, 2026 (3 days, 1 hour ago) Vulnerabilities has been mentioned in this article.
Vulnerability in Responsive FileManager software Vulnerability in Responsive FileManager software CVE ID CVE-2026-5482 Publication date 15 June 2026 Vendor Tecrail Product Responsive FileManager Vulnerable versions All through 9.14.0 Vulnerability t ... Read more Published Date: Jun 15, 2026 (2 days, 23 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-5482
Vulnerability in Quick.CMS software Vulnerability in Quick.CMS software CVE ID CVE-2026-11860 Publication date 15 June 2026 Vendor OpenSolution Product Quick.CMS Vulnerable versions All through 6.8 until patch published on 14.05.2026 Vu ... Read more Published Date: Jun 15, 2026 (2 days, 22 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11860
CVE ID :CVE-2026-44188 Published : June 15, 2026, 10:16 a.m. | 3 hours, 25 minutes ago Description :A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they can continue to authenticate and access sensitive data. This is because the application fails to invalidate the token on the backend, leaving it valid until its natural expiration. This can lead to unauthorized read access to Ansible resources such as inventories, playbooks, and configuration data. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50100 Published : June 15, 2026, 10:16 a.m. | 3 hours, 25 minutes ago Description :Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11860 Published : June 15, 2026, 10:16 a.m. | 3 hours, 25 minutes ago Description :Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class restrictions, crafted payloads can trigger dangerous magic methods (e.g., __wakeup() and __destruct()) and leverage gadget chains, resulting in arbitrary code execution. Exploitation is triggered automatically when an administrator accesses the admin panel. When successfully exploited, this vulnerability allows attackers to execute arbitrary code on the server via manipulated serialized data transmitted over an unprotected channel. This issue was mitigated by limiting the communication to HTTPS in a patch for version 6.8 published on 14.05.2026, deployments without this patch remain vulnerable. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site adminis ... Read more Published Date: Jun 15, 2026 (2 days, 21 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-10795 CVE-2026-11645
CVE ID :CVE-2026-8386 Published : June 15, 2026, 8:16 a.m. | 5 hours, 25 minutes ago Description :The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address and description fields and the marker's geographic coordinates. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-9278 Published : June 15, 2026, 8:16 a.m. | 5 hours, 25 minutes ago Description :The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against any visitor of a page rendering the affected form, even when the `unfiltered_html` capability is disallowed (e.g. in a multisite network). Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 389 di 2203