Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

27746 risultati

VulnerabilitàAlta
CVE-2026-53912 - Cerebrate self-registration password hash exposure via inbox and audit log views

CVE ID :CVE-2026-53912 Published : June 11, 2026, 12:16 p.m. | 3 hours, 3 minutes ago Description :Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, and CSV outputs, and could also be written unredacted into audit log entries for the inbox message. An authenticated user with sufficient privileges to access inbox entries or related audit logs could retrieve password hashes associated with pending self-registration requests. Although the exposed value is a password hash rather than a plaintext password, disclosure of password hashes may enable offline password-cracking attempts and could increase risk where users reuse passwords across systems. Cerebrate 1.37 fixes the issue by redacting sensitive password and authkey fields from inbox display/API output and recursively redacting those fields from JSON values written to audit logs, while leaving the stored registration payload intact for account creation processing. Affected component: Inbox self-registration request handling and audit logging Fixed version: Cerebrate 1.37 Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-4764 - Privilege Escalation in Dialogflow CX via Playbook Import

CVE ID :CVE-2026-4764 Published : June 11, 2026, 12:16 p.m. | 3 hours, 3 minutes ago Description :A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed. Severity: 9.4 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-53423 - Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

CVE ID :CVE-2026-53423 Published : June 11, 2026, 12:16 p.m. | 3 hours, 3 minutes ago Description :Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane_mp4_plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.to_atom/1 without validation. 'Elixir.Membrane.MP4.Container.Header':parse_box_name/1 in lib/membrane_mp4/container/header.ex interns every box name encountered while 'Elixir.Membrane.MP4.Container.Header':parse/1 walks the input. BEAM atoms are never garbage-collected, so each unique attacker-controlled 4-byte name is a permanent allocation. A crafted MP4 of approximately 8 MB containing roughly 1.1 million boxes with distinct non-standard names exhausts the atom table (default ceiling around 1,048,576 atoms), aborting the entire BEAM node and taking down all applications running on it. This issue affects membrane_mp4_plugin from 0.3.0 before 0.36.7. Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-10087 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

CVE ID :CVE-2026-10087 Published : June 11, 2026, 12:16 p.m. | 1 hour, 3 minutes ago Description :GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-10733 - Improper Restriction of Rendered UI Layers or Frames in GitLab

CVE ID :CVE-2026-10733 Published : June 11, 2026, 12:16 p.m. | 1 hour, 3 minutes ago Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2023-25969 - WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability

CVE ID :CVE-2023-25969 Published : June 11, 2026, 12:16 p.m. | 1 hour, 3 minutes ago Description :Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2022-47150 - WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability

CVE ID :CVE-2022-47150 Published : June 11, 2026, 12:16 p.m. | 1 hour, 3 minutes ago Description :Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2023-32959 - WordPress MetroStore theme <= 1.3.2 - Broken Access Control

CVE ID :CVE-2023-32959 Published : June 11, 2026, 12:16 p.m. | 1 hour, 3 minutes ago Description :Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2022-45813 - WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF

CVE ID :CVE-2022-45813 Published : June 11, 2026, 12:16 p.m. | 1 hour, 3 minutes ago Description :Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-11956 - TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

CVE ID :CVE-2026-11956 Published : June 11, 2026, 1:16 p.m. | 2 hours, 3 minutes ago Description :A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned". Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
News
ShinyHunters claimt datadiefstal van honderden Oracle PeopleSoft-servers

ShinyHunters claimt datadiefstal van honderden Oracle PeopleSoft-servers De criminele groepering ShinyHunters claimt dat het van honderden Oracle PeopleSoft-servers data heeft gestolen. Dat meldt een beveiligingsonderzoeker op X. De aanvallen zijn gericht tegenover zowel ... Read more Published Date: Jun 11, 2026 (4 days, 14 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35273

CVEfeed Newsroom11 giu 2026
News
Vulnerability in Golem OEE MES software

Vulnerability in Golem OEE MES software Vulnerability in Golem OEE MES software CVE ID CVE-2026-8464 Publication date 11 June 2026 Vendor Neuron Soft Product Golem OEE MES Vulnerable versions All before 11.6.0 Vulnerability type (CWE) Impro ... Read more Published Date: Jun 11, 2026 (4 days, 6 hours ago) Vulnerabilities has been mentioned in this article.

CVEfeed Newsroom11 giu 2026

Pagina 535 di 2313

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.