Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26432 risultati

VulnerabilitàAlta
CVE-2026-12214 (CVSS 7.8)

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-12213 - hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization

CVE ID :CVE-2026-12213 Published : June 15, 2026, 4:16 a.m. | 7 hours, 25 minutes ago Description :A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12214 - Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism

CVE ID :CVE-2026-12214 Published : June 15, 2026, 4:16 a.m. | 7 hours, 25 minutes ago Description :A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12212 - hcengineering Huly Platform RPC operations.ts getMailboxSecret access control

CVE ID :CVE-2026-12212 Published : June 15, 2026, 4:16 a.m. | 7 hours, 25 minutes ago Description :A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12209 - RubyLouvre avalon Template Filter index.js prototype pollution

CVE ID :CVE-2026-12209 Published : June 15, 2026, 3:16 a.m. | 8 hours, 25 minutes ago Description :A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12210 - universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery

CVE ID :CVE-2026-12210 Published : June 15, 2026, 3:16 a.m. | 8 hours, 25 minutes ago Description :A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12211 - Intelbras iNVU 7016 FT Web syslog path traversal

CVE ID :CVE-2026-12211 Published : June 15, 2026, 3:16 a.m. | 8 hours, 25 minutes ago Description :A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. Severity: 3.3 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12208 - jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution

CVE ID :CVE-2026-12208 Published : June 15, 2026, 3:16 a.m. | 8 hours, 25 minutes ago Description :A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12204 (CVSS 7.3)

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2026-12206 - Grit42 Grit data_table_entity.rb DataTableEntity sql injection

CVE ID :CVE-2026-12206 Published : June 15, 2026, 2:16 a.m. | 9 hours, 25 minutes ago Description :A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12207 - medkey-org medkey HTTP REST API PatientController.php actionGetPatientById resource injection

CVE ID :CVE-2026-12207 Published : June 15, 2026, 2:16 a.m. | 9 hours, 25 minutes ago Description :A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2026-12203 - HKUDS AI-Trader Research Export agents.csv information disclosure

CVE ID :CVE-2026-12203 Published : June 15, 2026, 2:16 a.m. | 7 hours, 25 minutes ago Description :A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. Applying a patch is the recommended action to fix this issue. The vendor confirms: "Research export endpoints now require an authenticated agent with the research_exports capability". Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026

Pagina 392 di 2203

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.