Category: Alert Feeds

  Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 Working exploit: https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&st=b1tkonvr&dl=0 – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Working exploit: https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0 – Read More  – Full Disclosure 

  Posted by Ron E on Sep 30 A heap buffer overflow vulnerability exists in the geotifcp utility, distributed as part of libgeotiff. The flaw occurs in the function cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd ImageWidth and using the -d option (downsampling from 8-bit to 4-bit). During conversion, the function iterates over pixels … Read More “libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width  – Full Disclosure” »

  Posted by Ron E on Sep 30 In the samtools coverage subcommand, the -w / –n-bins option allows the user to specify how many “bins” to produce in the coverage histogram. The code computes: stats[tid].bin_width = (stats[tid].end – stats[tid].beg) / n_bins; When the number of bins (n_bins) is extremely large relative to the region … Read More “Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow  – Full Disclosure” »

  Posted by Ron E on Sep 30 A denial-of-service vulnerability exists in Samtools and the underlying HTSlib when processing BED files containing extremely large interval values. The bed_index_core() function in bedidx.c uses the interval end coordinate to calculate allocation size without sufficient validation. By supplying a BED record with a crafted end coordinate (e.g., … Read More “Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 macOS Sonoma 14.8.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125330. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-6 visionOS 26.0.1 visionOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125338. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: Apple Vision Pro Impact: Processing a … Read More “APPLE-SA-09-29-2025-6 visionOS 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125326. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: … Read More “APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125327. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: … Read More “APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 macOS Tahoe 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125328. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Tahoe Impact: Processing … Read More “APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 macOS Sequoia 15.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125329. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25 SEC Consult Vulnerability Lab Security Advisory < 20250925-0 > ======================================================================= title: Multiple Vulnerabilities product: iMonitorSoft EAM vulnerable version: iMonitor EAM 9.6394 fixed version: – CVE number: CVE-2025-10540, CVE-2025-10541, CVE-2025-10542 impact: Critical homepage:… – Read More  – Full Disclosure 

  Posted by Antoine Martin via Fulldisclosure on Sep 25 1) About Xpra Xpra is known as “screen for X11”. https://xpra.org/ “Xpra forwards and synchronizes many extra desktop features, which allows remote applications to integrate transparently into the client’s desktop environment: audio input and output, printers, clipboard, system trays, notifications, webcams, etc.” 2) Vulnerability Using … Read More “xpra server information disclosure  – Full Disclosure” »

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25 CyberDanube Security Research 20250909-0 ——————————————————————————- title| Reflected XSS product| ATV 630 vulnerable version| “see Vulnerable versions” fixed version| none CVE number| CVE-2025-7746 impact| Medium homepage| https://www.se.com/ found| 2025-03-11 by| T…. – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25 CyberDanube Security Research 20250919-0 ——————————————————————————- title| Multiple Vulnerabilities in Novakon HMI Series product| Novakon Touch Screen HMI P Series vulnerable version| P – V2001.A.c518o2 fixed version| – CVE number| CVE-2025-9962, CVE-2025-9963, CVE-2025-9964, | CVE-2025-9965, CVE-2025-9966… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25 SEC Consult Vulnerability Lab Security Advisory < 20250923-0 > ======================================================================= title: Missing Certificate Validation leading to RCE product: CleverControl employee monitoring software vulnerable version: 11.5.1041.6 fixed version: – CVE number: CVE-2025-10548 impact: high homepage: https://clevercontrol.com… – Read More  – Full Disclosure 

  Posted by Burning River Cyber Con via Fulldisclosure on Sep 22 Burning River CyberCon is seeking submissions for our 2025 conference. We’re looking for presentations on all things infosec, from vulnerability research and exploit development to red teaming and security automation. Key Details: – CFP Link: https://burningrivercybercon.com/call-for-papers – CFP Closes: October 1, 2025 – … Read More “[CFP] Burning River Cyber Con ’25 – Cleveland, OH  – Full Disclosure” »

  Posted by Andrey Stoykov on Sep 22 # Exploit Title: Current Password not Required When Changing Password – flatpressv1.4.1 # Date: 09/2025 # Exploit Author: Andrey Stoykov # Version: 1.4.1 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-42-current.html Current Password not Required When Changing Password: Steps to Reproduce: – Login with admin user and … Read More “Current Password not Required When Changing Password – flatpressv1.4.1  – Full Disclosure” »

  Posted by Andrey Stoykov on Sep 22 # Exploit Title: Stored HTML Injection – flatpressv1.4.1 # Date: 09/2025 # Exploit Author: Andrey Stoykov # Version: 1.4.1 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-41-stored.html Stored HTML Injection: Steps to Reproduce: – Login with admin user and visit “Main” > “New Entry” > “Write Entry” … Read More “Stored HTML Injection – flatpressv1.4.1  – Full Disclosure” »

  Posted by Ron E on Sep 22 gmo2msg in libelf contains a stack-based buffer overflow in po/gmo2msg.c when constructing filenames from the first program argument (lang). The program uses a fixed-size local buffer (char buf[1024]) and writes into it using sprintf(buf, “%s.gmo”, lang) and sprintf(buf, “%s.msg”, lang) without validating the length of lang. Supplying … Read More “libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Sep 22 Hi @ll, more than 2.5 years ago I posted “Defense in depth — the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2″ <https://seclists.org/fulldisclosure/2023/Feb/13> In “SRP on Windows 11” <https://seclists.org/fulldisclosure/2023/Mar/1> Andy Ful presented a persistent correction some days later. Since several … Read More “Defense in depth — the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Sep 22 Hi @ll, since several years Microsoft installs the DLLs domain_actions.dll and well_known_domains.dll as part of their Edge browser as well as Windows’ WebView component into each and every user profile, UNPROTECTED against tampering. On Windows 11 24H2 their paths are currently “%LOCALAPPDATA%MicrosoftEdgeUser DataDomain Actions3.0.0.16domain_actions.dll” “%LOCALAPPDATA%MicrosoftEdgeUser … Read More “Defense in depth — the Microsoft way (part 94): BACKDOOR planted in AppLocker  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Sep 22 Hi @ll, since several years Microsoft installs the DLLs domain_actions.dll and well_known_domains.dll as part of their Edge browser as well as Windows’ WebView component into each and every user profile, UNPROTECTED against tampering. On Windows 11 24H2 their paths are currently “%LOCALAPPDATA%MicrosoftEdgeUser DataDomain Actions3.0.0.16domain_actions.dll” “%LOCALAPPDATA%MicrosoftEdgeUser … Read More “Defense in depth — the Microsoft way (part 94): BACKDOOR planted in AppLocker  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-10 visionOS 26 visionOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125115. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Vision Pro Impact: An app … Read More “APPLE-SA-09-15-2025-10 visionOS 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-11 Safari 26 Safari 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125113. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-09-15-2025-11 Safari 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-7 macOS Sonoma 14.8 macOS Sonoma 14.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/125112. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AMD Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-09-15-2025-7 macOS Sonoma 14.8  – Full Disclosure” »

  Posted by Ron E on Sep 15 Multiple functions in libvips invoke callbacks through incorrectly cast function pointers, resulting in Undefined Behavior (UB). During runtime, callbacks such as search_package, vips_class_map_all, vips_foreign_find_load_sub, vips_object_real_postbuild, and vips_area_free_cb are called through function pointer types that do not match their actual signatures. This is benign on x86-64, where calling … Read More “libvips v8.18.0 Function Pointer Type Confusion in libvips Callback Dispatch  – Full Disclosure” »

  Posted by Ron E on Sep 15 An integer overflow vulnerability exists in the LZX decompression routines of CHMLib (tested in version 0.40, latest release as of 2025). The issue occurs within lzx.c during bitstream parsing (lzx_read_lens and LZXdecompress), where crafted CHM files can supply values that cause left-shift operations to exceed the representable … Read More “CHMLIB 0.40a Integer Overflow in LZX Decompression of CHMLib  – Full Disclosure” »

  Posted by Ron E on Sep 15 A vulnerability exists in CHMLib (latest release 0.40) when parsing malformed CHM (Compiled HTML Help) files. The functions _unmarshal_int32 and _unmarshal_uint32 reconstruct 32-bit values using left shifts on signed integers without proper type casting: *dest = (*pData)[0] | (*pData)[1]<<8 | (*pData)[2]<<16 | (*pData)[3]<<24; If an attacker supplies … Read More “CHMLib 0.40a Integer Overflow in _unmarshal_int32 / _unmarshal_uint32 During CHM Header Parsing  – Full Disclosure” »

  Posted by Ron E on Sep 15 libwmf is vulnerable to an integer overflow / undefined behavior condition in multiple code paths. The affected source files (wmf.c, fig.c, svg.c) use left-shift operations on signed integers that shift into the sign bit (e.g., 1 << 31). According to the C standard, shifting a signed integer … Read More “libwmf v0.2.13 Integer Overflow in libwmf Left-Shift Operations (wmf.c, fig.c, svg.c)  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26 iOS 26 and iPadOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125108. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Neural Engine … Read More “APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7 iOS 18.7 and iPadOS 18.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/125109. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Audio Available for: … Read More “APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12 iOS 16.7.12 and iPadOS 16.7.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/125141. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5 iOS 15.8.5 and iPadOS 15.8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/125142. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-5 macOS Tahoe 26 macOS Tahoe 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125110. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Airport Available for: Mac Studio (2022 and … Read More “APPLE-SA-09-15-2025-5 macOS Tahoe 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-6 macOS Sequoia 15.7 macOS Sequoia 15.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/125111. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AMD Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-09-15-2025-6 macOS Sequoia 15.7  – Full Disclosure” »

  Posted by Matthew Fernandez on Sep 10 Can you elaborate on why you consider this high severity? From the description, it sounds as if this behaviour is fail-closed. That is, the effects are limited to DoS, with security properties preserved. – Read More  – Full Disclosure 

  Posted by naphthalin via Fulldisclosure on Sep 10 “I know where your children go to school.” The web front end of the IServ school server from IServ GmbH allows user enumeration. Responses during failed login attempts differ, depending on if the user account exists, does not exist and other conditions. While this does not … Read More “User Enumeration in IServ Schoolserver Web Login  – Full Disclosure” »

  Posted by Taylor Newsome on Sep 08 Reporter: [Taylor Christian Newsome / SleepRaps () gmail com] Date: [8/21/2025] Target: Discord WebRTC / Voice Gateway API Severity: Critical 1. Executive Summary A proof-of-concept (PersistentRTC) demonstrates remote code execution (RCE) capability against Discord users. The PoC enables Arbitrary JavaScript execution in a victim’s browser context via … Read More “Critical Security Report – Remote Code Execution via Persistent Discord WebRTC Automation  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Sep 08 Hi @ll, this extends the two previous posts titled Defense in depth — the Microsoft way (part 90): “Digital Signature” property sheet missing without “Read Extended Attributes” access permission <https://seclists.org/fulldisclosure/2025/Jul/39> and Defense in depth — the Microsoft way (part 91): yet another 30 year old … Read More “Defense in depth — the Microsoft way (part 92): more stupid blunders of Windows’ File Explorer  – Full Disclosure” »

  Posted by Ron E on Sep 08 An integer overflow vulnerability exists in the FFmpeg cache: URL protocol implementation. The CacheEntry structure uses a 32-bit signed integer to store cache entry sizes (int size), but the cache layer can accumulate cached data exceeding 2 GB. Once entry->size grows beyond INT_MAX and new data is … Read More “FFmpeg 7.0+ Integer Overflow in FFmpeg cache: Protocol (CacheEntry::size)  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 08 SEC Consult Vulnerability Lab Security Advisory < 20250908-0 > ======================================================================= title: NFC Card Vulnerability Exploitation Leading to Free Top-Up product: KioSoft “Stored Value” Unattended Payment Solution (Mifare) vulnerable version: Current firmware/hardware as of Q2/2025 fixed version: No version numbers available CVE number:… – Read … Read More “SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft “Stored Value” Unattended Payment Solution (Mifare)  – Full Disclosure” »

  Posted by Taylor Newsome on Sep 08 *To:* support () mellanox com, networking-support () nvidia com *From:* Taylor Christian Newsome *Date:* August 20, 2025 *Dear Mellanox/NVIDIA Networking Support Team,* I am writing to formally submit the critical firmware parameters for Mellanox PCI Express Host Channel Adapter (HCA) cards, as detailed in the official documentation … Read More “Submission of Critical Firmware Parameters – PCIe HCA Cards  – Full Disclosure” »

  Posted by Ron E on Sep 08 The DjVuLibre document compression library (tested version 3.5.29) is vulnerable to an integer overflow caused by a left shift of a negative signed integer in the IW44EncodeCodec.cpp component. When processing crafted PPM input passed through the c44 utility, negative pixel values are left-shifted in functions such as … Read More “DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode)  – Full Disclosure” »

  Posted by Ron E on Sep 08 The DjVuLibre document compression library (tested version 3.5.29) contains multiple instances of unsigned integer overflow in the ZPCodec.cpp component. During arithmetic encoding operations (e.g., zemit, encode_lps, encode_lps_simple, eflush), crafted input can cause arithmetic wraparound (0-1, 1-2, or value+UINT_MAX). These operations rely on precise probability modeling for entropy … Read More “DjVuLibre 3.5.29 ZPCodec Unsigned Integer Overflow in Arithmetic Encoding  – Full Disclosure” »

  Posted by Ron E on Sep 08 The ladspa audio filter implementation (libavfilter/af_ladspa.c) in FFmpeg allows unsanitized environment variables to influence dynamic library loading. Specifically, the filter uses getenv(“LADSPA_PATH”) and getenv(“HOME”) when resolving the plugin shared object (.so) name provided through the file option. These values are concatenated into a filesystem path and passed … Read More “FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables  – Full Disclosure” »

  Posted by Ron E on Sep 08 A signed integer overflow exists in FFmpeg’s udp.c implementation when parsing the fifo_size option from a user-supplied UDP URL. The overflow occurs during multiplication, which is used to compute the size of the circular receive buffer. This can result in undefined behavior, allocation failures, or potentially memory … Read More “FFmpeg 7.0+ Integer Overflow in UDP Protocol Handler (fifo_size option)  – Full Disclosure” »