News & Security
Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.
CVE ID: CVE-2026-5246. Published: April 2, 2026, 10:16 a.m. Severity: 6.3 | MEDIUM. Description: A vulnerability was found in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature are highly complex. Exploitability is reported to be difficult. The exploit has been publicly disclosed and may be used. Upgrading to version 7.21 addresses this issue. The patch is identified as 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
Cisco Smart Software Manager Vulnerability Let Attackers Execute Arbitrary Commands: Cisco has issued an urgent security warning regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. Enterprise organizations widely use this tool to manage the ... Published Date: Apr 02, 2026. Vulnerabilities mentioned in this article: CVE-2026-20160
'Governments attacked via security flaw in video conferencing platform TrueConf': Government agencies in Southeast Asia have been attacked via a vulnerability in the video conferencing platform TrueConf. At the time of the attacks, no security update was available yet. ... Published Date: Apr 02, 2026. Vulnerabilities mentioned in this article: CVE-2026-3502
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control Over the Drones: A newly discovered critical vulnerability in the widely used PX4 Autopilot software could allow malicious actors to take complete control over drone operations. The Cybersecurity and Infrastructure Se ... Published Date: Apr 02, 2026. Vulnerabilities mentioned in this article: CVE-2026-1579
Critical Cisco IMC flaw lets attacker change admin password: A critical vulnerability in the Cisco Integrated Management Controller (IMC) lets attackers change the administrator's password and then log in as admin. ... Published Date: Apr 02, 2026. Vulnerabilities mentioned in this article: CVE-2026-20093
CVE ID: CVE-2026-29143. Published: April 2, 2026, 9:16 a.m. Severity: 7.8 | HIGH. Description: SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.
CVE ID: CVE-2026-29144. Published: April 2, 2026, 9:16 a.m. Severity: 7.8 | HIGH. Description: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.
CVE ID: CVE-2026-29137. Published: April 2, 2026, 9:16 a.m. Severity: 5.3 | MEDIUM. Description: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.
CVE ID: CVE-2026-29141. Published: April 2, 2026, 9:16 a.m. Severity: 7.7 | HIGH. Description: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].