Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

27049 risultati

VulnerabilitàAlta
CVE-2025-14098 - Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file

CVE ID :CVE-2025-14098 Published : June 12, 2026, 11:16 p.m. | 18 hours, 24 minutes ago Description :Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-12068 - Avira Password Manager credential disclosure via cross-origin autofill in Firefox

CVE ID :CVE-2026-12068 Published : June 12, 2026, 11:16 p.m. | 22 hours, 24 minutes ago Description :Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux. Severity: 7.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53868 (CVSS 7.5)

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 30 days by exploiting unverified email ownership in account lifecycle operations.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53867 - Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

CVE ID :CVE-2026-53867 Published : June 12, 2026, 10:16 p.m. | 9 hours, 22 minutes ago Description :Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-54095 - Rejected reason: CVE ** REJECT ** DO NOT USE THIS

CVE ID :CVE-2026-54095 Published : June 12, 2026, 10:16 p.m. | 13 hours, 23 minutes ago Description :Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of CVE-2025-53826. Notes: All CVE users should reference CVE-2025-53826 instead of this candidate Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-54398 - MISP object edit authorization bypass allows unauthorized sharing group assignment

CVE ID :CVE-2026-54398 Published : June 12, 2026, 10:16 p.m. | 17 hours, 23 minutes ago Description :An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group validation was performed against the wrong request data structure after object fields had been merged to the top level, causing the check to be bypassed. In addition, attributes embedded in objects were not individually validated for authorized sharing group use. An attacker could craft a request with distribution set to 4 and an arbitrary sharing_group_id, potentially disclosing the existence or name of otherwise non-visible sharing groups and improperly modifying the distribution metadata of objects or contained attributes. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53868 - Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

CVE ID :CVE-2026-53868 Published : June 12, 2026, 10:16 p.m. | 9 hours, 22 minutes ago Description :Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 30 days by exploiting unverified email ownership in account lifecycle operations. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàCritica
CVE-2026-53838 (CVSS 9.8)

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval restrictions.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53836 (CVSS 8.8)

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks by using unrecognized encoded-command alias forms to execute arbitrary PowerShell content.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53834 (CVSS 7.5)

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering command handling from blocked senders depending on operator configuration.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53835 - OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

CVE ID :CVE-2026-53835 Published : June 12, 2026, 10:16 p.m. | 7 hours, 22 minutes ago Description :OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding feature to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53834 - OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

CVE ID :CVE-2026-53834 Published : June 12, 2026, 10:16 p.m. | 7 hours, 22 minutes ago Description :OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering command handling from blocked senders depending on operator configuration. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026

Pagina 450 di 2255

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.