Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26434 risultati

VulnerabilitàAlta
CVE-2026-54230 - Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

CVE ID :CVE-2026-54230 Published : June 13, 2026, 3:16 a.m. | 1 day, 12 hours ago Description :A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system. Severity: 7.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE13 giu 2026
VulnerabilitàAlta
CVE-2026-54229 - Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking

CVE ID :CVE-2026-54229 Published : June 13, 2026, 3:16 a.m. | 1 day, 12 hours ago Description :A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows an attacker to gain filesystem-level control of the dump directory while privileged event scripts are still running. Severity: 7.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE13 giu 2026
VulnerabilitàAlta
CVE-2026-54228 - Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

CVE ID :CVE-2026-54228 Published : June 13, 2026, 3:16 a.m. | 1 day, 8 hours ago Description :A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package validation and allowing crashes of unpackaged binaries to survive post-create processing. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE13 giu 2026
VulnerabilitàAlta
CVE-2026-12089 - WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

CVE ID :CVE-2026-12089 Published : June 13, 2026, 3:16 a.m. | 1 day, 8 hours ago Description :The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css() function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem paths before reading them with file_get_contents()/Minify\CSS::add(), without enforcing that the resolved path stay within ABSPATH or have a .css extension. This makes it possible for authenticated attackers, with Editor-level access and above, to read arbitrary files. Severity: 4.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE13 giu 2026
VulnerabilitàAlta
CVE-2026-11443 - Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability

CVE ID :CVE-2026-11443 Published : June 13, 2026, 12:16 a.m. | 1 day, 5 hours ago Description :Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the downloadAttachment method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to execute script in the context of the current user. Was ZDI-CAN-28236. Severity: 4.6 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE13 giu 2026
VulnerabilitàAlta
CVE-2026-11442 - Allegra exportReport Directory Traversal Information Disclosure Vulnerability

CVE ID :CVE-2026-11442 Published : June 13, 2026, 12:16 a.m. | 1 day, 3 hours ago Description :Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportReport method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-28208. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE13 giu 2026
VulnerabilitàAlta
CVE-2026-6676 - Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive

CVE ID :CVE-2026-6676 Published : June 12, 2026, 11:16 p.m. | 1 day, 4 hours ago Description :Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2025-9033 - Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3)

CVE ID :CVE-2025-9033 Published : June 12, 2026, 11:16 p.m. | 22 hours, 24 minutes ago Description :Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2025-9032 - Avira antivirus engine heap buffer OOB read when scanning a malformed PE file

CVE ID :CVE-2025-9032 Published : June 12, 2026, 11:16 p.m. | 20 hours, 24 minutes ago Description :Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2025-14098 - Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file

CVE ID :CVE-2025-14098 Published : June 12, 2026, 11:16 p.m. | 18 hours, 24 minutes ago Description :Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-12068 - Avira Password Manager credential disclosure via cross-origin autofill in Firefox

CVE ID :CVE-2026-12068 Published : June 12, 2026, 11:16 p.m. | 22 hours, 24 minutes ago Description :Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux. Severity: 7.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53868 (CVSS 7.5)

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 30 days by exploiting unverified email ownership in account lifecycle operations.

NVD (NIST)12 giu 2026

Pagina 398 di 2203

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.