Agenzia per la cybersicurezza nazionale
Published: 13/02/26 11:26
Last updated: 13/02/26 11:26
Impact: Medium (64.35)
Agenzia per la cybersicurezza nazionale
Published: 13/02/26 11:12
Last updated: 13/02/26 11:12
Impact: High (72.82)
Agenzia per la cybersicurezza nazionale
Published: 13/02/26 10:41
Last updated: 13/02/26 10:41
Impact: High (65.12)
Agenzia per la cybersicurezza nazionale
Published: 12/02/26 15:48
Last updated: 12/02/26 15:48
Impact: High (66.41)
Agenzia per la cybersicurezza nazionale
Published: 12/02/26 15:39
Last updated: 12/02/26 15:39
Impact: Medium (60.89)
Agenzia per la cybersicurezza nazionale
Published: 12/02/26 14:20
Last updated: 12/02/26 14:20
Impact: High (65.12)
Agenzia per la cybersicurezza nazionale
Published: 12/02/26 11:19
Last updated: 12/02/26 11:19
Impact: Medium (59.61)
CVE: CVE-2025-15027
Vendor: jayarsiech
CVSS: 0.10
Exploitation: 0.10%
Changed: 7 days ago
Description: The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
CVE: CVE-2026-25858
Vendor: macrozheng
CVSS: 0.18
Exploitation: 0.18%
Changed: 8 days ago
Description: macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time password (OTP) directly in the API response and validates password reset requests solely by comparing the provided OTP to a value stored by telephone number, without verifying user identity or ownership of the telephone number. This enables remote account takeover of any user with a known or guessable telephone number.
CVE: CVE-2026-0106
Vendor: Google
CVSS: 9.3
Exploitation: Not available
Changed: 8 days ago
Description: In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE: CVE-2026-24300
Vendor: Microsoft
CVSS: 0.09
Exploitation: 0.09%
Changed: 8 days ago
Description: Azure Front Door Elevation of Privilege Vulnerability
CVE: CVE-2026-1731
Vendor: BeyondTrust
CVSS: 9.9
Exploitation: N/A
Changed: 9 days ago
Description: BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
CVE: CVE-2025-15556
Vendor: notepad-plus-plus
CVSS: 7.7
Exploitation: N/A
Changed: 10 days ago
Description: Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.
CVE: CVE-2025-40536
Vendor: SolarWinds
CVSS: 8.1
Exploitation: N/A
Changed: 13 days ago
Description: SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
CVE: CVE-2024-43468
Vendor: Microsoft
CVSS: 9.8
Exploitation: N/A
Changed: 7 months ago
Description: Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE: CVE-2023-6425
Vendor: BigProf
CVSS: 0.17
Exploitation: 0.17%
Changed: 9 days ago
Description: A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
CVE: CVE-2025-41024
Vendor: Poultry Farm Management System
CVSS: 0.03
Exploitation: 0.03%
Changed: 10 days ago
Description: Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumber' and 'regno' parameters in '/farm/farmprofile.php'.
CVE: CVE-2025-41025
Vendor: Poultry Farm Management System
CVSS: 0.03
Exploitation: 0.03%
Changed: 10 days ago
Description: Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' and 'product' parameters in '/farm/sell_product.php'.
CVE: CVE-2026-1523
Vendor: Primion Digitek
CVSS: 0.14
Exploitation: 0.14%
Changed: 10 days ago
Description: Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, that is, 'http:///..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating the input to include URL-encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms and retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise.