Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

27750 risultati

VulnerabilitàAlta
CVE-2022-45813 - WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF

CVE ID :CVE-2022-45813 Published : June 11, 2026, 12:16 p.m. | 1 hour, 3 minutes ago Description :Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-11956 - TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

CVE ID :CVE-2026-11956 Published : June 11, 2026, 1:16 p.m. | 2 hours, 3 minutes ago Description :A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned". Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
News
ShinyHunters claimt datadiefstal van honderden Oracle PeopleSoft-servers

ShinyHunters claimt datadiefstal van honderden Oracle PeopleSoft-servers De criminele groepering ShinyHunters claimt dat het van honderden Oracle PeopleSoft-servers data heeft gestolen. Dat meldt een beveiligingsonderzoeker op X. De aanvallen zijn gericht tegenover zowel ... Read more Published Date: Jun 11, 2026 (4 days, 14 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35273

CVEfeed Newsroom11 giu 2026
News
Vulnerability in Golem OEE MES software

Vulnerability in Golem OEE MES software Vulnerability in Golem OEE MES software CVE ID CVE-2026-8464 Publication date 11 June 2026 Vendor Neuron Soft Product Golem OEE MES Vulnerable versions All before 11.6.0 Vulnerability type (CWE) Impro ... Read more Published Date: Jun 11, 2026 (4 days, 6 hours ago) Vulnerabilities has been mentioned in this article.

CVEfeed Newsroom11 giu 2026
VulnerabilitàAlta
CVE-2026-11850 - Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read

CVE ID :CVE-2026-11850 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len Severity: 5.0 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2025-7064 - Freelance Security Lock – Access to Windows OS

CVE ID :CVE-2025-7064 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024. Severity: 6.6 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-53911 - Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

CVE ID :CVE-2026-53911 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit request containing the id of another record, causing the save operation to update that unrelated record instead of the record identified by the route parameter. The issue affected several entity types inheriting permissive mass-assignment defaults, including User, Role, UserSetting, LocalTool, PermissionLimitation, and EnumerationCollection. Since UserSettings edit functionality was reachable by any authenticated user, exploitation could allow unauthorized modification of records within the same entity type, with impact depending on the affected endpoint and writable fields. Cerebrate 1.37 fixes this by stripping id from request input after marshalling callbacks and by globally marking id as inaccessible in the base AppModel entity. The discovery of those potential vulnerabilities are inherited from initial finding from Jeroen Pinoy additional support from AI-Assisted Optus 4.8 (the commit wrongly assign Claude Fable 5 as the model switched) and coordinated by Andras Iklody. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-5497 - Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm

CVE ID :CVE-2026-5497 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2022-44630 - WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)

CVE ID :CVE-2022-44630 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0. Severity: 4.6 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2022-42479 - WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

CVE ID :CVE-2022-42479 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-53901 - Cerebrate before v1.37 allows mass assignment of record identifiers during object creation

CVE ID :CVE-2026-53901 Published : June 11, 2026, 9:16 a.m. | 2 hours, 3 minutes ago Description :Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request through __massageInput(). Because the normalized $input could still contain an id field, a user able to reach an affected add endpoint could supply an identifier that should have been server-controlled. Successful exploitation could allow creation of objects with attacker-chosen identifiers, potentially causing unauthorized data manipulation, object spoofing, inconsistent references, or disruption through identifier collisions, depending on the affected model and endpoint permissions. The issue was fixed in v1.37 by removing id from the normalized input before entity patching. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
News
Grootschalig misbruik van nieuwe Ivanti Sentry-kwetsbaarheid gemeld

Grootschalig misbruik van nieuwe Ivanti Sentry-kwetsbaarheid gemeld Aanvallers maken op grote schaal misbruik van een kritieke kwetsbaarheid in Ivanti Sentry, waarbij servers van een backdoor worden voorzien, zo waarschuwt The Shadowserver Foundation op basis van eige ... Read more Published Date: Jun 11, 2026 (4 days, 8 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-10520

CVEfeed Newsroom11 giu 2026

Pagina 536 di 2313

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.