Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

27843 risultati

News
Vulnerability in Golem OEE MES software

Vulnerability in Golem OEE MES software Vulnerability in Golem OEE MES software CVE ID CVE-2026-8464 Publication date 11 June 2026 Vendor Neuron Soft Product Golem OEE MES Vulnerable versions All before 11.6.0 Vulnerability type (CWE) Impro ... Read more Published Date: Jun 11, 2026 (4 days, 6 hours ago) Vulnerabilities has been mentioned in this article.

CVEfeed Newsroom11 giu 2026
VulnerabilitàAlta
CVE-2026-53911 - Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

CVE ID :CVE-2026-53911 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit request containing the id of another record, causing the save operation to update that unrelated record instead of the record identified by the route parameter. The issue affected several entity types inheriting permissive mass-assignment defaults, including User, Role, UserSetting, LocalTool, PermissionLimitation, and EnumerationCollection. Since UserSettings edit functionality was reachable by any authenticated user, exploitation could allow unauthorized modification of records within the same entity type, with impact depending on the affected endpoint and writable fields. Cerebrate 1.37 fixes this by stripping id from request input after marshalling callbacks and by globally marking id as inaccessible in the base AppModel entity. The discovery of those potential vulnerabilities are inherited from initial finding from Jeroen Pinoy additional support from AI-Assisted Optus 4.8 (the commit wrongly assign Claude Fable 5 as the model switched) and coordinated by Andras Iklody. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2025-7064 - Freelance Security Lock – Access to Windows OS

CVE ID :CVE-2025-7064 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024. Severity: 6.6 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-11850 - Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read

CVE ID :CVE-2026-11850 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len Severity: 5.0 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-5497 - Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm

CVE ID :CVE-2026-5497 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2022-44630 - WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)

CVE ID :CVE-2022-44630 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0. Severity: 4.6 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2022-42479 - WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

CVE ID :CVE-2022-42479 Published : June 11, 2026, 10:16 a.m. | 1 hour, 3 minutes ago Description :Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
VulnerabilitàAlta
CVE-2026-53901 - Cerebrate before v1.37 allows mass assignment of record identifiers during object creation

CVE ID :CVE-2026-53901 Published : June 11, 2026, 9:16 a.m. | 2 hours, 3 minutes ago Description :Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request through __massageInput(). Because the normalized $input could still contain an id field, a user able to reach an affected add endpoint could supply an identifier that should have been server-controlled. Successful exploitation could allow creation of objects with attacker-chosen identifiers, potentially causing unauthorized data manipulation, object spoofing, inconsistent references, or disruption through identifier collisions, depending on the affected model and endpoint permissions. The issue was fixed in v1.37 by removing id from the normalized input before entity patching. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
News
Grootschalig misbruik van nieuwe Ivanti Sentry-kwetsbaarheid gemeld

Grootschalig misbruik van nieuwe Ivanti Sentry-kwetsbaarheid gemeld Aanvallers maken op grote schaal misbruik van een kritieke kwetsbaarheid in Ivanti Sentry, waarbij servers van een backdoor worden voorzien, zo waarschuwt The Shadowserver Foundation op basis van eige ... Read more Published Date: Jun 11, 2026 (4 days, 8 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-10520

CVEfeed Newsroom11 giu 2026
VulnerabilitàAlta
CVE-2026-10795 (CVSS 8.1)

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution.

NVD (NIST)11 giu 2026
VulnerabilitàAlta
CVE-2026-10795 - UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

CVE ID :CVE-2026-10795 Published : June 11, 2026, 7:16 a.m. | 4 hours, 3 minutes ago Description :The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE11 giu 2026
News
Oracle komt met noodpatch voor kritiek RCE-lek in PeopleSoft

Oracle komt met noodpatch voor kritiek RCE-lek in PeopleSoft Oracle heeft buiten de vaste patchcyclus om een noodpatch uitgebracht voor een kritieke kwetsbaarheid in PeopleSoft Enterprise PeopleTools waardoor remote code execution (RCE) mogelijk is. Organisatie ... Read more Published Date: Jun 11, 2026 (4 days, 8 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35273

CVEfeed Newsroom11 giu 2026

Pagina 544 di 2321

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.