Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

27506 risultati

VulnerabilitàAlta
CVE-2026-12030 - Google Chrome GPU Out-of-Bounds Write Sandbox Escape

CVE ID :CVE-2026-12030 Published : June 11, 2026, 10:16 p.m. | 3 hours, 3 minutes ago Description :Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-12027 - Google Chrome Headless Sandbox Escape

CVE ID :CVE-2026-12027 Published : June 11, 2026, 10:16 p.m. | 1 hour, 3 minutes ago Description :Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-12028 - Google Chrome GPU Use-After-Free Sandbox Escape

CVE ID :CVE-2026-12028 Published : June 11, 2026, 10:16 p.m. | 1 hour, 3 minutes ago Description :Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-12029 - Google Chrome Use-After-Free Sandbox Escape

CVE ID :CVE-2026-12029 Published : June 11, 2026, 10:16 p.m. | 3 hours, 3 minutes ago Description :Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-12033 - Google Chrome Out-of-Bounds Read

CVE ID :CVE-2026-12033 Published : June 11, 2026, 10:16 p.m. | 5 hours, 4 minutes ago Description :Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-12032 - Google Chrome for Android: Insufficient Site Isolation Protection

CVE ID :CVE-2026-12032 Published : June 11, 2026, 10:16 p.m. | 5 hours, 4 minutes ago Description :Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) Severity: 3.1 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-53819 (CVSS 8.8)

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-53817 (CVSS 8.8)

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-53816 (CVSS 7.2)

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-53814 (CVSS 8.3)

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-53813 (CVSS 7.8)

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing malicious code or accessing sensitive data.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-53812 (CVSS 7.7)

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered redirects and subsequently read restricted page content using browser evaluation capabilities.

NVD (NIST)11 giu 2026

Pagina 506 di 2293

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.