News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
27648 risultati
'ShinyHunters misbruikte sinds 27 mei zerodaylek in Oracle PeopleSoft' De criminele groepering ShinyHunters heeft sinds 27 mei misbruik gemaakt van een kritieke kwetsbaarheid in Oracle PeopleSoft waar op het moment van de aanvallen nog geen patch voor beschikbaar was, zo ... Read more Published Date: Jun 12, 2026 (4 days, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35273
CVE ID :CVE-2026-12058 Published : 2026年6月12日 09:16 | 4 小时,6 分钟 ago Description :The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11535 Published : June 12, 2026, 9:16 a.m. | 2 hours, 6 minutes ago Description :The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.
CVE ID :CVE-2026-12059 Published : June 12, 2026, 7:16 a.m. | 4 hours, 6 minutes ago Description :The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12060 Published : June 12, 2026, 7:16 a.m. | 4 hours, 6 minutes ago Description :Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-9271 Published : June 12, 2026, 7:16 a.m. | 4 hours, 6 minutes ago Description :Vulnerability Title Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-9269 Published : June 12, 2026, 7:16 a.m. | 4 hours, 6 minutes ago Description :The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44892 Published : June 12, 2026, 5:16 a.m. | 4 hours, 6 minutes ago Description :Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify `HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE`, the implementation defaults to an unbounded limit. This insecure default configuration allows a malicious client or server to send an enormous number of headers, leading to a memory exhaustion Denial of Service via an `OutOfMemoryError`. Version 4.2.15.Final contains a patch. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-45169 Published : June 12, 2026, 5:16 a.m. | 4 hours, 6 minutes ago Description :Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17 Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48613 Published : June 12, 2026, 4:17 a.m. | 5 hours, 5 minutes ago Description :SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet. Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48612 Published : June 12, 2026, 4:17 a.m. | 5 hours, 5 minutes ago Description :Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover. Severity: 8.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 514 di 2304