Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26425 risultati

VulnerabilitàAlta
CVE-2026-8935 - Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

CVE ID :CVE-2026-8935 Published : June 15, 2026, 8:16 a.m. | 5 hours, 25 minutes ago Description :The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin access. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-8385 - WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

CVE ID :CVE-2026-8385 Published : June 15, 2026, 8:16 a.m. | 5 hours, 25 minutes ago Description :The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title, category, address and description fields. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
News
Splunk Urges Immediate Patching of Critical Flaw Enabling Arbitrary File Operations

Splunk Urges Immediate Patching of Critical Flaw Enabling Arbitrary File Operations A newly disclosed security vulnerability in Splunk Enterprise has prompted urgent patching efforts after researchers revealed that the flaw could allow unauthenticated attackers to perform arbitrary f ... Read more Published Date: Jun 15, 2026 (2 days, 12 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-20253 CVE-2026-45829

CVEfeed Newsroom15 giu 2026
News
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portal ... Read more Published Date: Jun 15, 2026 (2 days, 11 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2026-20230 CVE-2026-0257 CVE-2026-23479

CVEfeed Newsroom15 giu 2026
VulnerabilitàAlta
CVE-2026-12222 (CVSS 8)

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs to be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-12221 (CVSS 8)

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-12220 (CVSS 8)

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-12223 - Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

CVE ID :CVE-2026-12223 Published : June 15, 2026, 6:16 a.m. | 7 hours, 25 minutes ago Description :A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack needs to be initiated within the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12220 - Yealink SIP-T46U Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUpload stack-based overflow

CVE ID :CVE-2026-12220 Published : June 15, 2026, 6:16 a.m. | 7 hours, 25 minutes ago Description :A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 8.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12221 - Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack-based overflow

CVE ID :CVE-2026-12221 Published : June 15, 2026, 6:16 a.m. | 7 hours, 25 minutes ago Description :A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 8.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12222 - Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow

CVE ID :CVE-2026-12222 Published : June 15, 2026, 6:16 a.m. | 7 hours, 25 minutes ago Description :A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs to be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 8.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12219 - Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

CVE ID :CVE-2026-12219 Published : June 15, 2026, 6:16 a.m. | 7 hours, 25 minutes ago Description :A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026

Pagina 390 di 2203

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.