Perché il monitoraggio delle vulnerabilità è critico per la vostra azienda
Nel 2025, 48 185 nuove vulnerabilità (CVE) sono state pubblicate — un aumento del 20% rispetto al 2024. Nel 2026, la tendenza accelera ulteriormente. Ogni giorno, più di 130 falle vengono rese pubbliche, alcune delle quali riguardano i software che la vostra azienda utilizza quotidianamente.
Secondo il Verizon Data Breach Investigations Report, il 60% delle violazioni dei dati sfrutta vulnerabilità per le quali esisteva già una patch al momento dell'attacco. Il problema non è l'assenza di patch — è l'assenza di monitoraggio. Nessun team IT può seguire manualmente 130 CVE al giorno.
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
Cosa fa CVE Find per voi
Come essere avvisati in tempo reale?
CVE Find vi notifica tramite e-mail e SMS non appena una vulnerabilità riguarda i vostri prodotti. Frequenza configurabile: dall'avviso istantaneo al riepilogo mensile.
I miei software sono vulnerabili?
Configurate i vostri prodotti (CMS, server, librerie) tramite il catalogo CPE. CVE Find monitora continuamente la base MITRE e vi avvisa automaticamente. 338 000+ CVE indicizzati.
Come priorizzare le correzioni?
Il punteggio CVSS (gravità) e EPSS (probabilità di sfruttamento reale) vi indicano cosa correggere per primo. Niente più falsi positivi.
Quali falle vengono attivamente sfruttate?
Il catalogo CISA KEV integrato identifica le vulnerabilità già sfruttate nella realtà. Queste sono le falle da correggere con priorità assoluta.
La piattaforma è disponibile in italiano?
CVE Find è disponibile in francese, inglese e tedesco. Sviluppata in Svizzera da Bexxo, è l'unica piattaforma CVE completa in lingua francese.
I dati sono affidabili e aggiornati?
Sincronizzazione in tempo reale con MITRE, NVD, CISA e FIRST.org. Più di 48 000 CVE aggiunti nel 2025, e la base viene arricchita ogni ora.
Rimani sempre un passo avanti con le ultime vulnerabilità critiche di sicurezza.
CVE-2026-3587 - CRITICAL
23/03/2026
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
CVE-2026-4601 - HIGH
23/03/2026
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature.
OWSAP: A02
CVE-2026-4599 - CRITICAL
23/03/2026
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.
CVE-2026-4567 - CRITICAL
23/03/2026
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
overflow
CVE-2026-4566 - HIGH
23/03/2026
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
overflow
CVE-2026-4565 - HIGH
23/03/2026
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
overflow
CVE-2026-4558 - HIGH
22/03/2026
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but...
oscommandinjectioncommandinjectionOWSAP: A03
CVE-2026-4555 - HIGH
22/03/2026
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affec...
overflow
CVE-2026-4553 - HIGH
22/03/2026
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
overflow
CVE-2026-4551 - HIGH
22/03/2026
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
overflow
CVE-2026-4552 - HIGH
22/03/2026
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
overflow
CVE-2019-25615 - HIGH
22/03/2026
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.
overflow
CVE-2019-25614 - CRITICAL
22/03/2026
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the ...
overflow
CVE-2019-25611 - HIGH
22/03/2026
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.
overflow
CVE-2019-25609 - HIGH
22/03/2026
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
overflow
CVE-2019-25608 - HIGH
22/03/2026
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enab...
OWSAP: A05
CVE-2019-25607 - HIGH
22/03/2026
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
overflow
CVE-2019-25604 - HIGH
22/03/2026
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
overflow
CVE-2019-25603 - HIGH
22/03/2026
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establis...
overflow
CVE-2019-25619 - HIGH
22/03/2026
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
overflow
