Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

27735 risultati

News
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. " ... Read more Published Date: Jun 11, 2026 (4 days, 17 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2026-20230 CVE-2026-45585 CVE-2026-23479

CVEfeed Newsroom11 giu 2026
News
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leverag ... Read more Published Date: Jun 11, 2026 (4 days, 16 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-11645 CVE-2026-20230 CVE-2026-23479 CVE-2025-33073 CVE-2025-32433 CVE-2024-55591

CVEfeed Newsroom11 giu 2026
VulnerabilitàAlta
CVE-2026-7870 (CVSS 8.8)

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-7787 (CVSS 7.5)

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-9648 - CVE-2026-9648

CVE ID :CVE-2026-9648 Published : June 11, 2026, 4:16 p.m. | 1 hour, 3 minutes ago Description :The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-53777 - Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

CVE ID :CVE-2026-53777 Published : June 11, 2026, 4:16 p.m. | 1 hour, 3 minutes ago Description :Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-4096 - A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests.

CVE ID :CVE-2026-4096 Published : June 11, 2026, 4:16 p.m. | 1 hour, 3 minutes ago Description :IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàCritica
CVE-2026-11839 (CVSS 9.9)

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-3341 - IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

CVE ID :CVE-2026-3341 Published : June 11, 2026, 4:16 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2024-45636 - IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.

CVE ID :CVE-2024-45636 Published : June 11, 2026, 4:16 p.m. | 1 hour, 3 minutes ago Description :IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Severity: 4.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-11945 - PostgreSQL Anonymizer: SQL injection in the rules import functions

CVE ID :CVE-2026-11945 Published : June 11, 2026, 3:53 p.m. | 1 hour, 26 minutes ago Description :PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. The problem is resolved in PostgreSQL Anonymizer 3.1.1 and further versions Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-49982 - tmp: Type-confusion bypass of _assertPath in [email protected] allows path traversal via non-string prefix/postfix/template

CVE ID :CVE-2026-49982 Published : June 11, 2026, 3:45 p.m. | 1 hour, 34 minutes ago Description :tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value (Array, Buffer, or any object) whose includes('..') returns falsy but whose stringification still contains ../. The value flows through Array.prototype.join/String coercion inside _generateTmpName and path.join(tmpDir, opts.dir, name), producing a final path that escapes tmpdir and creates a file or directory at an attacker-controlled location with the host process's privileges. This affects any application that forwards untrusted request data (a common pattern is JSON body fields or qs-parsed bracket-array query strings such as ?prefix[]=...) into tmp.file, tmp.fileSync, tmp.dir, tmp.dirSync, tmp.tmpName, or tmp.tmpNameSync without explicit type coercion. This vulnerability is fixed in 0.2.7. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026

Pagina 530 di 2312

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.