News & Sicurezza
Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.
27809 risultati
CVE ID :CVE-2026-10795 Published : June 11, 2026, 7:16 a.m. | 4 hours, 3 minutes ago Description :The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Oracle komt met noodpatch voor kritiek RCE-lek in PeopleSoft Oracle heeft buiten de vaste patchcyclus om een noodpatch uitgebracht voor een kritieke kwetsbaarheid in PeopleSoft Enterprise PeopleTools waardoor remote code execution (RCE) mogelijk is. Organisatie ... Read more Published Date: Jun 11, 2026 (4 days, 8 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35273
CVE ID :CVE-2023-40200 Published : June 11, 2026, 9:16 a.m. | 2 hours, 3 minutes ago Description :Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2024-32110 Published : June 11, 2026, 9:16 a.m. | 2 hours, 3 minutes ago Description :Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2023-33999 Published : June 11, 2026, 9:16 a.m. | 2 hours, 3 minutes ago Description :Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
ServiceNow Flaw Exploited by Threat Actors to Access Customer Instances A recently disclosed ServiceNow flaw has come under scrutiny after the company confirmed that unknown threat actors exploited the vulnerability to gain unauthorized access to a number of customer inst ... Read more Published Date: Jun 11, 2026 (4 days, 8 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-41940
CISA Sets 72-Hour Patch Window for Federal Systems Facing Highest Cyber Risks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new risk-based approach to vulnerability remediation, requiring federal civilian agencies to patch the most dangerous ... Read more Published Date: Jun 11, 2026 (4 days, 7 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-20245 CVE-2024-37079
CVE ID :CVE-2026-41856 Published : June 11, 2026, 7:16 a.m. | 4 hours, 2 minutes ago Description :The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored at runtime. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41700 Published : June 11, 2026, 7:16 a.m. | 4 hours, 3 minutes ago Description :Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41699 Published : June 11, 2026, 7:16 a.m. | 4 hours, 3 minutes ago Description :Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the classpath contains specific classes that can be leveraged during deserialization. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41001 Published : June 11, 2026, 7:16 a.m. | 4 hours, 3 minutes ago Description :Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41000 Published : June 11, 2026, 7:16 a.m. | 4 hours, 3 minutes ago Description :Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be ineffective even when operators configured a replay cache on the interceptor. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8. Severity: 3.7 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Pagina 542 di 2318