Category: Alert Feeds

  Posted by Egidio Romano on Feb 22 —————————————————————————- SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability —————————————————————————- [-] Software Link: https://www.smartertools.com/smartermail/business-email-server [-] Affected Versions: Build 9518 and prior builds. [-] Vulnerability Description: User input passed through the… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 22 SEC Consult Vulnerability Lab Security Advisory < 20260218-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: NesterSoft WorkTime (on-prem/cloud) vulnerable version: <= 11.8.8 fixed version: No patch available, vendor unresponsive. CVE number: CVE-2025-15563, CVE-2025-15562, CVE-2025-15561… – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4 macOS Sequoia 15.7.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126349. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4 macOS Sonoma 14.8.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126350. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-6 tvOS 26.3 tvOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126351. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-02-11-2026-6 tvOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-7 watchOS 26.3 watchOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126352. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple Watch Series 6 and later … Read More “APPLE-SA-02-11-2026-7 watchOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-8 visionOS 26.3 visionOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126353. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Vision Pro (all models) Impact: … Read More “APPLE-SA-02-11-2026-8 visionOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-9 Safari 26.3 Safari 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126354. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CFNetwork Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-02-11-2026-9 Safari 26.3  – Full Disclosure” »

  Posted by Christian Zäske via Fulldisclosure on Feb 16 Advisory ID:               SYSS-2025-011 Product:                   MR9600, MX4200 (and potentially others) Manufacturer:              Linksys Affected Version(s):       1.0.4.205530 for MR9600, 1.0.13.210200 for MX4200 (and potentially others) Tested … Read More “[SYSS-2025-011] Linksys MX9600/MX4200 – OS Command Injection  – Full Disclosure” »

  Posted by Christian Zäske via Fulldisclosure on Feb 16 Advisory ID:               SYSS-2025-014 Product:                   MX4200 (and potentially others) Manufacturer:              Linksys Affected Version(s):       1.0.13.210200 (and potentially others) Tested Version(s):         1.0.13.210200 MX4200 … Read More “[SYSS-2025-014] Linksys MX4200 – Improper Verification of Source of a Communication Channel  – Full Disclosure” »

  Posted by Agent Spooky’s Fun Parade via Fulldisclosure on Feb 16 1. SUMMARY Two independently confirmed vulnerabilities in Jump Crypto’s Firedancer Solana validator (https://github.com/firedancer-io/firedancer, commit 7cd3b6dce): A) Three undefined behavior / logic bugs in QUIC transport parameter processing, triggerable by a malicious QUIC server with zero authentication. Enables remote connection kill or hang. B) … Read More “Firedancer Solana Validator – QUIC Transport Parameter UB and Consensus-Splitting Cast Bug  – Full Disclosure” »

  Posted by Darsh Naik on Feb 16 🔓 The Attack Path — No Login, SYSTEM Access 1. Boot into setup.exe (via USB, PXE, or OOBM like Intel vPro). 2. Click “Repair your computer” → Enter WinRE. 3. Press Shift + F10 → SYSTEM-level Command Prompt. 4. From there, attacker can: – Run `net user` … Read More “🚨 Public Disclosure: Remote BitLocker Bypass via Intel AMT — SYSTEM Access Without Login  – Full Disclosure” »

  Posted by Hanno Böck on Feb 16 During tests of electronic invoicing tools, I discovered multiple XXE and Blind XXE vulnerabilities in online tools parsing electronic invoices in XML formats. While most of the affected tools have fixed these vulnerabilities, two online tools remain vulnerable to Blind XXE attacks, allowing exfiltration of files. Disclosure … Read More “Blind XXE in Electronic Invoice online tools (validator.invoice-portal.de, xrechnung.rib.de)  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3 iOS 26.3 and iPadOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126346. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: … Read More “APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5 iOS 18.7.5 and iPadOS 18.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126347. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: … Read More “APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-3 macOS Tahoe 26.3 macOS Tahoe 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126348. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Admin Framework Available for: macOS Tahoe Impact: … Read More “APPLE-SA-02-11-2026-3 macOS Tahoe 26.3  – Full Disclosure” »

  Posted by privexploits via Fulldisclosure on Feb 16 Advisory: Authenticated Remote Code Execution in pfSense CECVEs: CVE-2025-69690, CVE-2025-69691 Researcher: Nelson Adhepeau (privexploits () protonmail com) Date: February 2026 == RESPONSIBLE DISCLOSURE NOTICE == This advisory is published in accordance with responsible disclosure practices.  The vendor was notified on December 2, 2025, acknowledged the reports, … Read More “[Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 16 SEC Consult Vulnerability Lab Security Advisory < 20260212-0 > ======================================================================= title: Multiple Vulnerabilities             product: Various Solax Power Pocket WiFi models  vulnerable version: See section below       fixed version: See section below         … Read More “SEC Consult SA-20260212-0 :: Multiple Vulnerabilities in various Solax Power Pocket WiFi models  – Full Disclosure” »

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Certified Asterisk 20.7-cert9. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert9 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-20.7-cert9 ## Change Log for Release asterisk-certified-20.7-cert9 ###… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 20.18.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.18.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.18.2 ## Change Log for Release asterisk-20.18.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 22.8.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/22.8.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 22.8.2 ## Change Log for Release asterisk-22.8.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 21.12.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.12.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.12.1 ## Change Log for Release asterisk-21.12.1 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 23.2.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/23.2.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 23.2.2 ## Change Log for Release asterisk-23.2.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Feb 04 ————————————————————————— Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability ————————————————————————— [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.2.0 to 5.13.1. [-] Vulnerability Description: User input passed through the “confirm_url” GET parameter to the… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Feb 04 ——————————————————————————– Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities ——————————————————————————– [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.0.0 to 5.13.1. [-] Vulnerabilities Description: The vulnerabilities exist because user input passed through the… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Feb 04 ————————————————————————– Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities ————————————————————————– [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.0.0 to 5.13.1. [-] Vulnerabilities Description: The vulnerabilities exist because user input passed through the… – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Feb 04 CyberDanube Security Research 20260119-0 ——————————————————————————- title| Authenticated Command Injection product| TC Router 5004T-5G EU vulnerable version| 1.06.18 fixed version| 1.06.23 CVE number| CVE-2025-41717 impact| High homepage| https://www.phoenixcontact.com/ found| 16.04.2025… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 04 SEC Consult Vulnerability Lab Security Advisory < 20260202-0 > ======================================================================= title: Multiple vulnerabilities product: Native Instruments – Native Access (MacOS) vulnerable version: verified up to 3.22.0 fixed version: n/a CVE number: CVE-2026-24070, CVE-2026-24071              impact: high homepage:… – Read … Read More “SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)  – Full Disclosure” »

  Posted by Karol Wrótniak on Jan 29 Summary ======= A vulnerability was discovered in the popular JavaScript library ‘validator’. The isLength() function incorrectly handles Unicode Variation Selectors (U+FE0E and U+FE0F). An attacker can inject thousands of these zero-width characters into a string, causing the library to report a much smaller perceived length than the … Read More “CVE-2025-12758: Unicode Variation Selectors Bypass in ‘validator’ library (isLength)  – Full Disclosure” »

  Posted by Andrey Stoykov on Jan 29 Hi. I would like to publish my paper for exploiting XAMPP installations. Thanks, Andrey – Read More  – Full Disclosure 

  Posted by Andrey Stoykov on Jan 29 # Exploit Title: Elgg – Lack of Password Complexity # Date: 1/2026 # Exploit Author: Andrey Stoykov # Version: 6.3.3 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2026/01/friday-fun-pentest-series-48-weak.html // HTTP Request – Changing Password POST /action/usersettings/save HTTP/1.1 Host: elgg.local User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:148.0) … Read More “Weak Password Complexity – elggv6.3.3  – Full Disclosure” »

  Posted by Andrey Stoykov on Jan 29 # Exploit Title: Elgg – Username Enumeration # Date: 1/2026 # Exploit Author: Andrey Stoykov # Version: 6.3.3 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2026/01/friday-fun-pentest-series-47-lack-of.html // HTTP Request – Resetting Password – Valid User POST /action/user/requestnewpassword HTTP/1.1 Host: elgg.local User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; … Read More “Username Enumeration – elggv6.3.3  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26 SEC Consult Vulnerability Lab Security Advisory < 20260126-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: dormakaba Kaba exos 9300 vulnerable version: < 4.4.1 fixed version: 4.4.1 CVE number: CVE-2025-59090, CVE-2025-59091, CVE-2025-59092 CVE-2025-59093, CVE-2025-59094, CVE-2025-59095… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26 SEC Consult Vulnerability Lab Security Advisory < 20260126-1 > ======================================================================= title: Multiple Critical Vulnerabilities product: dormakaba Access Manager vulnerable version: Multiple firmware and hardware revisions (details below) fixed version: Multiple firmware and hardware revisions (details below)          CVE number: CVE-2025-59097,… – … Read More “SEC Consult SA-20260126-1 :: Multiple Critical Vulnerabilities in dormakaba Access Manager  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26 SEC Consult Vulnerability Lab Security Advisory < 20260126-2 > ======================================================================= title: UART Leaking Sensitive Data             product: dormakaba registration unit 9002 (PIN pad) vulnerable version: <SW0039       fixed version: SW0039          CVE number: … Read More “SEC Consult SA-20260126-2 :: UART Leaking Sensitive Data in dormakaba registration unit 9002 (PIN pad)  – Full Disclosure” »

  Posted by Marco Ermini via Fulldisclosure on Jan 26 Hello everyone, Kindly let me introduce myself. This is the first – and potentially, last – message on this mailing list. I am Marco, the CISO of EQS Group. Kindly allow me to address some of the statements expressed publicly here. About the Convercent application … Read More “Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by Yuffie Kisaragi via Fulldisclosure on Jan 26 Dear Art, Thank you for sharing your detailed evaluation and for pointing out the relevant sections of the CNA Rules. Your argument is well reasoned, particularly with respect to the current guidance on SaaS and exclusively hosted services. I have forwarded your evaluation to the … Read More “Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by BUG on Jan 21 #### Title:OpenMetadata <= 1.11.3 Authenticated SQL Injection #### Affected versions: <= 1.11.3 #### Credits: echo #### Vendor: https://open-metadata.org/ OpenMetadata versions 1.11.3 and earlier are vulnerable to an authenticated SQL injection issue. Low-privileged users can exploit this vulnerability to gain unauthorized access to the database in the context of … Read More “OpenMetadata” »

  Posted by Wade Sparks on Jan 21 Hello Yuffie, Upon further investigation, the VulnCheck CNA determined that these vulnerabilities were not suitable for CVE assignment. The vulnerabilities exist within a SaaS product and are mitigated at the CSP-level which in this case, would be the vendor, EQS Group. Rather than contribute unactionable CVE records, … Read More “Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by Matteo Beccati on Jan 14 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2026-001 ———————————————————————— https://www.revive-adserver.com/security/revive-sa-2026-001 ———————————————————————— Date: 2026-01-14 Risk Level: High Applications affected: Revive… – Read More  – Full Disclosure 

  Posted by Stefan Kanthak via Fulldisclosure on Jan 10 Hi @ll, the following is a condensed form of <https://skanthak.hier-im-netz.de/whispers.html#whisper3> and <https://skanthak.hier-im-netz.de/whispers.html#whisper4>. Windows Vista moved the shared start menu from “%ALLUSERSPROFILE%Start Menu” to “%ProgramData%MicrosoftWindowsStart Menu”, with some shortcuts (*.lnk) “reflected” from the (immutable) component store below %SystemRoot%WinSxS JFTR:… – Read More  – Full Disclosure 

  Posted by Ron E on Jan 10 A global buffer overflow vulnerability exists in the TinyOS printfUART implementation used within the ZigBee / IEEE 802.15.4 networking stack. The issue arises from an unsafe custom sprintf() routine that performs unbounded string concatenation using strcat() into a fixed-size global buffer. The global buffer debugbuf, defined with … Read More “TinyOS 2.1.2 printfUART Global Buffer Overflow via Unbounded Format Expansion  – Full Disclosure” »

  Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the mcp2200gpio utility due to unsafe use of strcpy() and strcat() when constructing device paths during automatic device discovery. A local attacker can trigger the vulnerability by creating a specially crafted filename under /dev/usb/, resulting in stack memory corruption and … Read More “TinyOS 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio  – Full Disclosure” »

  Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the tapslip6 utility distributed with RIOT OS (and derived from the legacy uIP/Contiki networking tools). The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. Specifically, tapslip6 uses strcpy() … Read More “RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction  – Full Disclosure” »

  Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the RIOT OS ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer (serial->frame) without verifying that the current … Read More “RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser  – Full Disclosure” »

  Posted by Art Manion via Fulldisclosure on Jan 10 Hi, CVE IDs *can* be assigned for SaaS or similarly “cloud only” software. For a period of time, there was a restriction that only the provider could make or request such an assignment. But the current CVE rules remove this restriction: 4.2.3 CNAs MUST NOT … Read More “Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by KoreLogic Disclosures via Fulldisclosure on Jan 08 KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking Title: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking Advisory ID: KL-001-2026-001 Publication Date: 2026-01-08 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2026-001.txt 1. Vulnerability Details      Affected Vendor: yintibao      Affected Product: Fun Print Mobile   … Read More “KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking  – Full Disclosure” »

  Posted by Ron E on Jan 05 Panda3D’s egg-mkfont utility contains an uncontrolled format string vulnerability that allows disclosure of stack-resident memory. The -gp (glyph pattern) command-line option allows users to specify a formatting pattern intended for generating glyph texture filenames. This pattern is passed directly as the format string to sprintf() without validation … Read More “Panda3d v1.10.16 Uncontrolled Format String in Panda3D egg-mkfont Allows Stack Memory Disclosure  – Full Disclosure” »

  Posted by duykham on Jan 05 Hello Full Disclosure, I would like to disclose a security vulnerability identified in a smartphone application: *Koller Secret: Real Hidden App*. This report is shared in the interest of responsible disclosure and improving overall security awareness. — *Summary* – Application: Koller Secret: Real Hidden App – Package / … Read More “Security Vulnerability in Koller Secret: Real Hidden App (com.koller.secret.hidemyphoto)  – Full Disclosure” »

  Posted by malvuln on Jan 05 SigInt-Hombre, generates derived Suricata detection rules from live URLhaus threat indicators at runtime and deploy them to the Security Onion platform for high-coverage real-time network monitoring. https://github.com/malvuln/sigint-hombre What it does: Pulls the public URLhaus feed in real time (not mirrored or redistributed) Skips: Comments, empty lines, malformed URLs, … Read More “SigInt-Hombre v1 / dynamic Suricata detection rules from real-time threat feeds  – Full Disclosure” »