Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.

Vulnerability | High
CVE-2026-35539 - Roundcube Webmail Cross-Site Scripting Vulnerability

CVE ID: CVE-2026-35539
Published: April 3, 2026, 5:16 a.m. | 6 hours, 38 minutes ago
Description: An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
Severity: 6.1 | MEDIUM

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-35537 - Roundcube Webmail Deserialization File Write Vulnerability

CVE ID: CVE-2026-35537
Published: April 3, 2026, 4:17 a.m. | 7 hours, 37 minutes ago
Description: An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.
Severity: 3.7 | LOW

CVEfeed CVE | 03 Apr 2026

News
Smart Home Alert: Critical Flaws Exposed in TP-Link Tapo Security Cameras

A security advisory from TP-Link has exposed a series of high-severity vulnerabilities, ranging from CVE-2026-34118 to CVE-2026-34124, affecting the Tapo C520WS v2.6 outdoor security camera. With CVS ...
Published Date: Apr 03, 2026 (2 days, 9 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-34124, CVE-2026-34122, CVE-2026-34121, CVE-2026-34118, CVE-2026-5281, CVE-2026-3502, CVE-2026-33032, CVE-2025-15568, CVE-2025-9520, CVE-2025-14756, CVE-2026-21962, CVE-2026-0629, CVE-2025-6542, CVE-2025-58364, CVE-2025-58060

CVEfeed Newsroom | 03 Apr 2026

Vulnerability | High
CVE-2026-35535 - Sudo Privilege Escalation Vulnerability

CVE ID: CVE-2026-35535
Published: April 3, 2026, 3:16 a.m. | 8 hours, 38 minutes ago
Description: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
Severity: 7.4 | HIGH

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-28815 - Apple Swift-Crypto Out-of-Bounds Read

CVE ID: CVE-2026-28815
Published: April 3, 2026, 3:16 a.m. | 6 hours, 38 minutes ago
Description: A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.
Severity: 0.0 | NA

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-5452 - UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key

CVE ID: CVE-2026-5452
Published: April 3, 2026, 4:17 a.m. | 7 hours, 37 minutes ago
Description: A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key. The attack can only be executed locally. The exploit has been published and may be used.
Severity: 3.3 | LOW

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-35536 - Tornado Cookie Attribute Injection Vulnerability

CVE ID: CVE-2026-35536
Published: April 3, 2026, 4:16 a.m. | 7 hours, 38 minutes ago
Description: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to RequestHandler.set_cookie were not checked for crafted characters.
Severity: 7.2 | HIGH

CVEfeed CVE | 03 Apr 2026

News
Cisco Patches Two Critical and Six High-Severity Vulnerabilities

April 3, 2026: Cisco shipped fixes for eight vulnerabilities on Wednesday, two rated critical and six high-severity, spanning multiple products including Integrated Management Controller (IMC), Smart ...
Published Date: Apr 03, 2026 (2 days, 6 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-20160, CVE-2026-20093, CVE-2026-5281, CVE-2025-20156

CVEfeed Newsroom | 03 Apr 2026

News
200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover

Researchers expose a critical vulnerability in Perfmatters, a popular performance-optimization WordPress plugin with over 200,000 active installations. The flaw, identified as CVE-2026-4350, carries a ...
Published Date: Apr 03, 2026 (2 days, 4 hours ago)
Vulnerabilities have been mentioned in this article.

CVEfeed Newsroom | 03 Apr 2026

Vulnerability | High
CVE-2026-35508 - Shynet XSS Vulnerability in urldisplay and iconify Template Filters

CVE ID: CVE-2026-35508
Published: April 3, 2026, 2:16 a.m. | 7 hours, 38 minutes ago
Description: Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters.
Severity: 5.4 | MEDIUM

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-35507 - Shynet Host Header Injection Vulnerability

CVE ID: CVE-2026-35507
Published: April 3, 2026, 2:16 a.m. | 3 hours, 38 minutes ago
Description: Shynet before 0.14.0 allows Host header injection in the password reset flow.
Severity: 6.4 | MEDIUM

CVEfeed CVE | 03 Apr 2026

Vulnerability | Critical
CVE-2026-33107 (CVSS 10)

Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

NVD (NIST) | 03 Apr 2026
