News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
27430 risultati
CVE ID :CVE-2026-10676 Published : June 12, 2026, 12:16 a.m. | 9 hours, 6 minutes ago Description :Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any released version of Zephyr: on every supported release branch the affected value is corrected before it is used, and the change that exposes the defect exists only in unreleased development code. As no released version is affected, this identifier is withdrawn. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-47238 Published : June 11, 2026, 11:16 p.m. | 10 hours, 6 minutes ago Description :ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - #133. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45060 Published : June 11, 2026, 11:16 p.m. | 8 hours, 5 minutes ago Description :ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #129. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42846 Published : June 11, 2026, 11:16 p.m. | 6 hours, 5 minutes ago Description :ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly into shell commands without escaping then executed, so any shell metacharacter in the URL is interpreted. This results in arbitrary command execution. This issue has been patched in version 5.5.3 - #140. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45418 Published : June 11, 2026, 11:16 p.m. | 8 hours, 5 minutes ago Description :ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitle_edit.php request used to change their title includes a number parameter which is vulnerable to SQL Injection. A boolean-based blind SQL injection can be used to exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #132. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49060 Published : June 11, 2026, 10:16 p.m. | 7 hours, 4 minutes ago Description :Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45174 Published : June 11, 2026, 10:16 p.m. | 7 hours, 4 minutes ago Description :Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45171 Published : June 11, 2026, 10:16 p.m. | 5 hours, 4 minutes ago Description :Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18 Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45173 Published : June 11, 2026, 10:16 p.m. | 5 hours, 4 minutes ago Description :Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21 Severity: 8.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6250 Published : June 11, 2026, 10:16 p.m. | 7 hours, 4 minutes ago Description :An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption. Severity: 7.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45172 Published : June 11, 2026, 10:16 p.m. | 5 hours, 4 minutes ago Description :Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18 Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44250 Published : June 11, 2026, 10:16 p.m. | 5 hours, 4 minutes ago Description :Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Versions 4.1.135.Final and 4.2.15.Final patch the issue. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 498 di 2286