Category: Alert Feeds

  Posted by Egidio Romano on Dec 27 —————————————————————– PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability —————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9 and prior versions, and version 3.5.0-1 and prior versions, as used in Open Journal… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 27 ———————————————————————– PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability ———————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-10 and prior versions, and version 3.5.0-3 and prior versions, as… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 27 —————————————————————– PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability —————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: Version 3.3.0-21 and prior versions. Version 3.4.0-9 and prior versions. Version 3.5.0-1 and prior versions. [-] Vulnerability Description: Open… – Read More  – Full Disclosure 

  Posted by malvuln on Dec 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/086f0693f81f6d40460c215717349a1f.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Netbus.170 Vulnerability: Insecure Credential Storage Family: Netbus Type: PE32 Attack-pattern TTP: Unsecured Credentials (T1552) MD5: 086f0693f81f6d40460c215717349a1f… – Read More  – Full Disclosure 

  Posted by malvuln on Dec 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/3d9821cbe836572410b3c5485a7f76ca.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Poison.jh Vulnerability: Insecure Permissions Description: The malware creates the directory 28463 under C:WindowsSysWOW64, granting Full (F) permissions to the Everyone… – Read More  – … Read More “Backdoor.Win32.Poison.jh / Insecure Permissions  – Full Disclosure” »

  Posted by Egidio Romano on Dec 27 ———————————————————————- PKP-WAL <= 3.5.0-1 (Institution Collector) SQL Injection Vulnerability ———————————————————————- [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9 and prior versions, and version 3.5.0-1 and prior versions, as used… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 27 ——————————————————————————————— Open Journal Systems <= 3.5.0-1 (NativeXmlIssueGalleyFilter.php) Path Traversal Vulnerability ——————————————————————————————— [-] Software Links: https://pkp.sfu.ca/software/ojs/ https://github.com/pkp/ojs [-] Affected Versions: Version 3.3.0-21 and prior versions. Version 3.4.0-9 and… – Read More  – Full Disclosure 

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/b2e50fa38510a5ea8e11f614b1c1d0d5.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HEUR.Backdoor.Win32.Poison.gen Vulnerability: Arbitrary Code Execution Description: The malware looks for and executes a x32-bit “WININET.dll” PE file in its current directory…. – Read More  … Read More “HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/b2e50fa38510a5ea8e11f614b1c1d0d5.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HEUR.Backdoor.Win32.Poison.gen Vulnerability: Arbitrary Code Execution Description: The malware looks for and executes a x32-bit “WININET.dll” PE file in its current directory…. – Read More  … Read More “HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/b2e50fa38510a5ea8e11f614b1c1d0d5.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HEUR.Backdoor.Win32.Poison.gen Vulnerability: Arbitrary Code Execution Description: The malware looks for and executes a x32-bit “WININET.dll” PE file in its current directory…. – Read More  … Read More “HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/6c0eda1210da81b191bd970cb0f8660a.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.ControlTotal.t Vulnerability: Insecure Credential Storage Description: The malware listens on TCP port 2032 and requires authentication. The password “jdf4df4vdf”… – Read More  – Full … Read More “Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/6c0eda1210da81b191bd970cb0f8660a.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.ControlTotal.t Vulnerability: Insecure Credential Storage Description: The malware listens on TCP port 2032 and requires authentication. The password “jdf4df4vdf”… – Read More  – Full … Read More “Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/6c0eda1210da81b191bd970cb0f8660a.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.ControlTotal.t Vulnerability: Insecure Credential Storage Description: The malware listens on TCP port 2032 and requires authentication. The password “jdf4df4vdf”… – Read More  – Full … Read More “Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Dec 22 Hi @ll, since 30 years Microsoft ships Windows with “Windows Script Host”, an empty registry key and the following registry entries: [HKEY_CURRENT_USERSoftwareMicrosoftWindows Script HostSettings] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Script HostSettings] “ActiveDebugging”=”1” “DisplayLogo”=”1” “SilentTerminate”=”0” “UseWINSAFER”=”1” The… – Read More  – Full Disclosure 

  Posted by Andraz Sraka on Dec 17 MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMN..-..–+MMNy:…-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MM:..—.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM Mm../dds.-oy.-.dMh–mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM MMMs//yMNo+hMh—m:-:hy+sMN..+Mo..os+.-:Ny–ossssdN-.:yyo+mM… – Read More  – Full Disclosure 

  Posted by LRKTBEYK LRKTBEYK on Dec 17 I tried to report these vulnerabilities to ImmuneFi, but they closed it (report 62070) as “out of scope.” I believe them when they tell me something is out of scope, so now it’s public. https://github.com/raydium-io/raydium-cp-swap/pull/62 These vulnerabilities collectively enable fee theft, creator fee hijacking, and potential user … Read More “Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking  – Full Disclosure” »

  Posted by Egidio Romano on Dec 17 ———————————————————————————— Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability ———————————————————————————— [-] Software Link: https://control-webpanel.com [-] Affected Versions: Version 0.9.8.1208 and prior versions. [-] Vulnerability Description: User input passed via the “key” GET… – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 17 CyberDanube Security Research 20251215-0 ——————————————————————————- title| Multiple Vulnerabilities product| FL Switch vulnerable version| 3.40 fixed version| TODO CVE number| CVE-2025-41692, CVE-2025-41693, CVE-2025-41694, | CVE-2025-41695, CVE-2025-41696, CVE-2025-41697, | CVE-2025-41745,… – Read More  – Full Disclosure 

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was detected that a Stored XSS vulnerability in the “Content Management” > “Blog posts” area. Malicious HTML/JavaScript added to the Body overview field of a blog post is stored in the backend and executes when the blog page is visited (http://localhost/blog/) … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area  – Full Disclosure” »

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was detected that a Stored XSS vulnerability on the “Currencies” functionality, specifically on the following input field: “Configuration > Currencies > Edit one of the currencies > “Custom formatting” input field. After saving the payload, the vulnerability can be triggered by … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.  – Full Disclosure” »

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was detected that multiple Stored Cross-Site Scripting (Stored XSS) vulnerabilities in the product management functionality. Malicious JavaScript payloads inserted into the “Product Name” and “Short Description” fields are stored in the backend database and executed automatically whenever a user (administrator or … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality  – Full Disclosure” »

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was identified Cross-Site Request Forgery (CSRF) vulnerability on the “Run now” button of Schedule tasks functionality. Exploiting this vulnerability, an attacker can run a scheduled task without the victim users consent or knowledge. Assigned CVE code:       > CVE-2025-65593 [Discoverer]       > AlterSec … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality  – Full Disclosure” »

  Posted by Egidio Romano on Dec 15 —————————————————————————– Bitrix24 <= 25.100.300 (Translate Module) Remote Code Execution Vulnerability —————————————————————————– [-] Software Link: https://www.bitrix24.com [-] Affected Versions: Version 25.100.300 and prior versions. [-] Vulnerability Description: The vulnerability is located within the “Translate Module”,… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 15 —————————————————————————— 1C-Bitrix <= 25.100.500 (Translate Module) Remote Code Execution Vulnerability —————————————————————————— [-] Software Link: https://www.1c-bitrix.ru [-] Affected Versions: Version 25.100.500 and prior versions. [-] Vulnerability Description: The vulnerability is located within the “Translate… – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3 iOS 18.7.3 and iPadOS 18.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/125885. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: … Read More “APPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-3 macOS Tahoe 26.2 macOS Tahoe 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125886. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. App Store Available for: macOS Tahoe Impact: … Read More “APPLE-SA-12-12-2025-3 macOS Tahoe 26.2  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3 macOS Sequoia 15.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/125887. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3 macOS Sonoma 14.8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/125888. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-6 tvOS 26.2 tvOS 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125889. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-12-12-2025-6 tvOS 26.2  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-7 watchOS 26.2 watchOS 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125890. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. App Store Available for: Apple Watch Series 6 and … Read More “APPLE-SA-12-12-2025-7 watchOS 26.2  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-8 visionOS 26.2 visionOS 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125891. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. App Store Available for: Apple Vision Pro (all models) … Read More “APPLE-SA-12-12-2025-8 visionOS 26.2  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-9 Safari 26.2 Safari 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125892. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-12-12-2025-9 Safari 26.2  – Full Disclosure” »

  Posted by Yuffie Kisaragi via Fulldisclosure on Dec 15 UPDATE: The reported vulnerabilities have now been assigned CVE identifiers: CVE-2025-34411: https://www.cve.org/cverecord?id=CVE-2025-34411 [https://www.cve.org/cverecord?id=CVE-2025-34411] CVE-2025-34412: https://www.cve.org/cverecord?id=CVE-2025-34412 [https://www.cve.org/cverecord?id=CVE-2025-34412] – Read More  – Full Disclosure 

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was detected that a Stored XSS vulnerability in the Attributes management workflow. An attacker can insert JavaScript into the Name field when adding a new Attribute Group (Catalog > Attributes > Specification attributes > Add Group > Name input field). To … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality  – Full Disclosure” »

  Posted by Yuffie Kisaragi via Fulldisclosure on Dec 05 Advisory ID: CONVERCENT-2025-001 Title: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Date: 2025-12-04 Vendor: EQS Group Product: Convercent Whistleblowing Platform (app.convercent.com) Severity: Critical CVSS v4.0 Base Score: 9.3 Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Summary A series of security weaknesses were identified in … Read More “Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by Aerith Gainsborough via Fulldisclosure on Dec 01 Advisory ID: LEGALITYWHISTLEBLOWING-2025-001 Title: Missing Critical Security Headers in Legality WHISTLEBLOWING Date: 2025-11-29 Vendor: DigitalPA (segnalazioni.net) Severity: High CVSS v3.1 Base Score: 8.2 (High) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Summary: Multiple public deployments of Legality WHISTLEBLOWING by DigitalPA are missing essential HTTP security headers. This misconfiguration exposes users … Read More “Missing Critical Security Headers in Legality WHISTLEBLOWING  – Full Disclosure” »

  Posted by Matteo Beccati on Dec 01 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2025-005 ———————————————————————— https://www.revive-adserver.com/security/revive-sa-2025-005 ———————————————————————— Date: 2025-11-26 Risk Level: Medium Applications affected: Revive… – Read More  – Full Disclosure 

  Posted by Pierre Kim on Dec 01 ## Advisory Information Title: 2 vulnerabilities in Egovframe Advisory URL: https://pierrekim.github.io/advisories/2025-egovframe.txt Blog URL: https://pierrekim.github.io/blog/2025-11-20-egovframe-2-vulnerabilities.html Date published: 2025-11-20 Vendors contacted: KISA/KrCERT Release mode: Released CVE: CVE-2025-34336, CVE-2025-34337 ## Product description Egovframe is a Java-based framework mainly used in the websites of the Government of… – Read More  – Full … Read More “2 vulnerabilities in Egovframe  – Full Disclosure” »

  Posted by Pierre Kim on Dec 01 ## Advisory Information Title: 8 vulnerabilities in AudioCodes Fax/IVR Appliance Advisory URL: https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt Blog URL: https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html Date published: 2025-11-20 Vendors contacted: Audiocodes Release mode: Released CVE: CVE-2025-34328, CVE-2025-34329, CVE-2025-34330, CVE-2025-34331, CVE-2025-34332, CVE-2025-34333,… – Read More  – Full Disclosure 

  Posted by Micha Borrmann via Fulldisclosure on Nov 19 Advisory ID: SYSS-2025-059 Product: Dell computer Manufacturer: Dell Affected Version(s): Probably all Dell computers Tested Version(s): Latitude 5431 (BIOS 1.33.1), Latitude 7320 (BIOS 1.44.1), Latitude 7400 (BIOS 1.41.1), Latitude 7480 (BIOS 1.41.3), Latitude 9430 (BIOS… – Read More  – Full Disclosure 

  Posted by Matteo Beccati on Nov 19 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2025-003 ———————————————————————— https://www.revive-adserver.com/security/revive-sa-2025-003 ———————————————————————— Date: 2025-11-05 Risk Level: High Applications affected: Revive… – Read More  – Full Disclosure 

  Posted by Matteo Beccati on Nov 19 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2025-004 ———————————————————————— https://www.revive-adserver.com/security/revive-sa-2025-004 ———————————————————————— Date: 2025-11-19 Risk Level: Medium Applications affected: Revive… – Read More  – Full Disclosure 

  Posted by Pierre Kim on Nov 13 No message preview for long message of 668188 bytes. – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Nov 13 APPLE-SA-11-13-2025-1 Compressor 4.11.1 Compressor 4.11.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125693. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Compressor Available for: macOS Sequoia 15.6 and later Impact: … Read More “APPLE-SA-11-13-2025-1 Compressor 4.11.1  – Full Disclosure” »

  Posted by Patrick via Fulldisclosure on Nov 13 Hello Jan, You are completely right and it’s something I warned about early, which is abuse of AI-generated sensationalized headline and fake PoC-s, for fame. I urge the Full Disclosure staff to look into it. Discussions with the individual responsible seem to be fruitless, and this … Read More “Re: [FD] : “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)  – Full Disclosure” »

  Posted by Jan Schermer on Nov 07 I looked at few repos and posts of “Joseph Goydish”. It all seems to be thinly veiled AI slop and BS. Cited vulns are not attributed to him really and those chains don’t make a lot of sense. Screen recordings look suspicious, some versions reference High Sierra … Read More “Re: : “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)  – Full Disclosure” »

  Posted by Joseph Goydish II via Fulldisclosure on Nov 07 Hey Patrick, I understand the doubt. However… what’s not slop is reproducible logs I provided a video of and the testable, working exploit I provided. Neither is the upstream patches that can be tracked from the disclosure dates to the cve’s listed in the … Read More “Re: [FD] : “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Nov 07 APPLE-SA-11-05-2025-1 iOS 18.7.2 and iPadOS 18.7.2 iOS 18.7.2 and iPadOS 18.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125633. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: … Read More “APPLE-SA-11-05-2025-1 iOS 18.7.2 and iPadOS 18.7.2  – Full Disclosure” »

  Posted by Martin Heiland via Fulldisclosure on Nov 07 Dear subscribers, We’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published … Read More “OXAS-ADV-2025-0002: OX App Suite Security Advisory  – Full Disclosure” »

  Posted by Aleksa Sarai via Fulldisclosure on Nov 07 | NOTE: This advisory was sent to <security-announce () opencontainers org> | on 2025-10-16. If you ship any Open Container Initiative software, we | highly recommend that you subscribe to our security-announce list in | order to receive more timely disclosures of future security issues. … Read More “runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881  – Full Disclosure” »