Category: Alert Feeds

  Posted by Gynvael Coldwind on Oct 15 Vendor Response Pattern Hi Christopher, Vendor is correct with this one. The problem isn’t the vendor’s site – it’s that the browser is already pwned with the malicious browser extension (this is site-agnostic). You’ve mentioned “No user interaction required beyond normal application usage.”, but having “Malicious browser … Read More “Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)  – Full Disclosure” »

  Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13 # Checkmk Agent Privilege Escalation via Insecure Temporary Files # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250724-01_Checkmk_Agent_Privilege_Escalation_via_Insecure_Temporary_Files ## Vulnerability Overview ## The `win_license` plugin as included in Checkmk agent for Windows versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b2 and 2.0.0p28 allows low privileged … Read More “[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files  – Full Disclosure” »

  Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13 # Checkmk Path Traversal # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal ## Vulnerability Overview ## Checkmk in versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b1 is prone to a path traversal vulnerability in the report scheduler. Due to an insufficient validation of a … Read More “[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal  – Full Disclosure” »

  Posted by Christopher Dickinson via Fulldisclosure on Oct 13 Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com CVE Identifiers * CVE-2025-[PENDING] – Excessive Data Exposure / JWT Token Leakage * CVE-2025-[PENDING] – Broken Object Level Authorization (IDOR) * CVE-2025-[PENDING] – Unrestricted Resource Consumption (DoS) Executive Summary This security advisory details three significant vulnerabilities discovered in … Read More “Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)  – Full Disclosure” »

  Posted by Seralys Research Team via Fulldisclosure on Oct 08 Seralys Security Advisory | https://www.seralys.com/research ====================================================================== Title: SQL Injection Vulnerability Product: Open Web Analytics (OWA) Affected: Confirmed on 1.8.0 (older versions likely affected) Fixed in: 1.8.1 Vendor: Open Web Analytics (open-source) Discovered: August 2025 Severity: HIGH CWE: CWE-89: SQL Injection CVE: CVE-2025-59397… – Read More  … Read More “CVE-2025-59397 – Open Web Analytics SQL Injection  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Oct 07 On a fresh installation of the just released Windows 11 25H2 the former file %SystemRoot%System32SecurityHealth10.0.27840.1000-0SecurityHealthHost.exe is %SystemRoot%System32SecurityHealthHost.exe now, but the BUG persists: | svchost.exe (PID = 9876) identified \?C:WindowsSystem32SecurityHealthHost.exe | as Disallowed using default rule, Guid = 11015445-d282-4f86-96a2-9e485f593302 stay tuned, and far away from bug-riddled … Read More “Re: Defense in depth — the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11  – Full Disclosure” »

  Posted by full on Oct 07 Substack is down. If there is a replacement, it is appreciated. -x9p – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Oct 07 The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation. https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 Working exploit: https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&st=b1tkonvr&dl=0 – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Working exploit: https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0 – Read More  – Full Disclosure 

  Posted by Ron E on Sep 30 A heap buffer overflow vulnerability exists in the geotifcp utility, distributed as part of libgeotiff. The flaw occurs in the function cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd ImageWidth and using the -d option (downsampling from 8-bit to 4-bit). During conversion, the function iterates over pixels … Read More “libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width  – Full Disclosure” »

  Posted by Ron E on Sep 30 In the samtools coverage subcommand, the -w / –n-bins option allows the user to specify how many “bins” to produce in the coverage histogram. The code computes: stats[tid].bin_width = (stats[tid].end – stats[tid].beg) / n_bins; When the number of bins (n_bins) is extremely large relative to the region … Read More “Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow  – Full Disclosure” »

  Posted by Ron E on Sep 30 A denial-of-service vulnerability exists in Samtools and the underlying HTSlib when processing BED files containing extremely large interval values. The bed_index_core() function in bedidx.c uses the interval end coordinate to calculate allocation size without sufficient validation. By supplying a BED record with a crafted end coordinate (e.g., … Read More “Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 macOS Sonoma 14.8.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125330. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-6 visionOS 26.0.1 visionOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125338. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: Apple Vision Pro Impact: Processing a … Read More “APPLE-SA-09-29-2025-6 visionOS 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125326. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: … Read More “APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125327. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: … Read More “APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 macOS Tahoe 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125328. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Tahoe Impact: Processing … Read More “APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 macOS Sequoia 15.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125329. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25 SEC Consult Vulnerability Lab Security Advisory < 20250925-0 > ======================================================================= title: Multiple Vulnerabilities product: iMonitorSoft EAM vulnerable version: iMonitor EAM 9.6394 fixed version: – CVE number: CVE-2025-10540, CVE-2025-10541, CVE-2025-10542 impact: Critical homepage:… – Read More  – Full Disclosure 

  Posted by Antoine Martin via Fulldisclosure on Sep 25 1) About Xpra Xpra is known as “screen for X11”. https://xpra.org/ “Xpra forwards and synchronizes many extra desktop features, which allows remote applications to integrate transparently into the client’s desktop environment: audio input and output, printers, clipboard, system trays, notifications, webcams, etc.” 2) Vulnerability Using … Read More “xpra server information disclosure  – Full Disclosure” »

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25 CyberDanube Security Research 20250909-0 ——————————————————————————- title| Reflected XSS product| ATV 630 vulnerable version| “see Vulnerable versions” fixed version| none CVE number| CVE-2025-7746 impact| Medium homepage| https://www.se.com/ found| 2025-03-11 by| T…. – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25 CyberDanube Security Research 20250919-0 ——————————————————————————- title| Multiple Vulnerabilities in Novakon HMI Series product| Novakon Touch Screen HMI P Series vulnerable version| P – V2001.A.c518o2 fixed version| – CVE number| CVE-2025-9962, CVE-2025-9963, CVE-2025-9964, | CVE-2025-9965, CVE-2025-9966… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25 SEC Consult Vulnerability Lab Security Advisory < 20250923-0 > ======================================================================= title: Missing Certificate Validation leading to RCE product: CleverControl employee monitoring software vulnerable version: 11.5.1041.6 fixed version: – CVE number: CVE-2025-10548 impact: high homepage: https://clevercontrol.com… – Read More  – Full Disclosure 

  Posted by Burning River Cyber Con via Fulldisclosure on Sep 22 Burning River CyberCon is seeking submissions for our 2025 conference. We’re looking for presentations on all things infosec, from vulnerability research and exploit development to red teaming and security automation. Key Details: – CFP Link: https://burningrivercybercon.com/call-for-papers – CFP Closes: October 1, 2025 – … Read More “[CFP] Burning River Cyber Con ’25 – Cleveland, OH  – Full Disclosure” »

  Posted by Andrey Stoykov on Sep 22 # Exploit Title: Current Password not Required When Changing Password – flatpressv1.4.1 # Date: 09/2025 # Exploit Author: Andrey Stoykov # Version: 1.4.1 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-42-current.html Current Password not Required When Changing Password: Steps to Reproduce: – Login with admin user and … Read More “Current Password not Required When Changing Password – flatpressv1.4.1  – Full Disclosure” »

  Posted by Andrey Stoykov on Sep 22 # Exploit Title: Stored HTML Injection – flatpressv1.4.1 # Date: 09/2025 # Exploit Author: Andrey Stoykov # Version: 1.4.1 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-41-stored.html Stored HTML Injection: Steps to Reproduce: – Login with admin user and visit “Main” > “New Entry” > “Write Entry” … Read More “Stored HTML Injection – flatpressv1.4.1  – Full Disclosure” »

  Posted by Ron E on Sep 22 gmo2msg in libelf contains a stack-based buffer overflow in po/gmo2msg.c when constructing filenames from the first program argument (lang). The program uses a fixed-size local buffer (char buf[1024]) and writes into it using sprintf(buf, “%s.gmo”, lang) and sprintf(buf, “%s.msg”, lang) without validating the length of lang. Supplying … Read More “libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Sep 22 Hi @ll, more than 2.5 years ago I posted “Defense in depth — the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2″ <https://seclists.org/fulldisclosure/2023/Feb/13> In “SRP on Windows 11” <https://seclists.org/fulldisclosure/2023/Mar/1> Andy Ful presented a persistent correction some days later. Since several … Read More “Defense in depth — the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Sep 22 Hi @ll, since several years Microsoft installs the DLLs domain_actions.dll and well_known_domains.dll as part of their Edge browser as well as Windows’ WebView component into each and every user profile, UNPROTECTED against tampering. On Windows 11 24H2 their paths are currently “%LOCALAPPDATA%MicrosoftEdgeUser DataDomain Actions3.0.0.16domain_actions.dll” “%LOCALAPPDATA%MicrosoftEdgeUser … Read More “Defense in depth — the Microsoft way (part 94): BACKDOOR planted in AppLocker  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Sep 22 Hi @ll, since several years Microsoft installs the DLLs domain_actions.dll and well_known_domains.dll as part of their Edge browser as well as Windows’ WebView component into each and every user profile, UNPROTECTED against tampering. On Windows 11 24H2 their paths are currently “%LOCALAPPDATA%MicrosoftEdgeUser DataDomain Actions3.0.0.16domain_actions.dll” “%LOCALAPPDATA%MicrosoftEdgeUser … Read More “Defense in depth — the Microsoft way (part 94): BACKDOOR planted in AppLocker  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-10 visionOS 26 visionOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125115. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Vision Pro Impact: An app … Read More “APPLE-SA-09-15-2025-10 visionOS 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-11 Safari 26 Safari 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125113. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-09-15-2025-11 Safari 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-7 macOS Sonoma 14.8 macOS Sonoma 14.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/125112. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AMD Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-09-15-2025-7 macOS Sonoma 14.8  – Full Disclosure” »

  Posted by Ron E on Sep 15 Multiple functions in libvips invoke callbacks through incorrectly cast function pointers, resulting in Undefined Behavior (UB). During runtime, callbacks such as search_package, vips_class_map_all, vips_foreign_find_load_sub, vips_object_real_postbuild, and vips_area_free_cb are called through function pointer types that do not match their actual signatures. This is benign on x86-64, where calling … Read More “libvips v8.18.0 Function Pointer Type Confusion in libvips Callback Dispatch  – Full Disclosure” »

  Posted by Ron E on Sep 15 An integer overflow vulnerability exists in the LZX decompression routines of CHMLib (tested in version 0.40, latest release as of 2025). The issue occurs within lzx.c during bitstream parsing (lzx_read_lens and LZXdecompress), where crafted CHM files can supply values that cause left-shift operations to exceed the representable … Read More “CHMLIB 0.40a Integer Overflow in LZX Decompression of CHMLib  – Full Disclosure” »

  Posted by Ron E on Sep 15 A vulnerability exists in CHMLib (latest release 0.40) when parsing malformed CHM (Compiled HTML Help) files. The functions _unmarshal_int32 and _unmarshal_uint32 reconstruct 32-bit values using left shifts on signed integers without proper type casting: *dest = (*pData)[0] | (*pData)[1]<<8 | (*pData)[2]<<16 | (*pData)[3]<<24; If an attacker supplies … Read More “CHMLib 0.40a Integer Overflow in _unmarshal_int32 / _unmarshal_uint32 During CHM Header Parsing  – Full Disclosure” »

  Posted by Ron E on Sep 15 libwmf is vulnerable to an integer overflow / undefined behavior condition in multiple code paths. The affected source files (wmf.c, fig.c, svg.c) use left-shift operations on signed integers that shift into the sign bit (e.g., 1 << 31). According to the C standard, shifting a signed integer … Read More “libwmf v0.2.13 Integer Overflow in libwmf Left-Shift Operations (wmf.c, fig.c, svg.c)  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26 iOS 26 and iPadOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125108. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Neural Engine … Read More “APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7 iOS 18.7 and iPadOS 18.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/125109. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Audio Available for: … Read More “APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12 iOS 16.7.12 and iPadOS 16.7.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/125141. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5 iOS 15.8.5 and iPadOS 15.8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/125142. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-5 macOS Tahoe 26 macOS Tahoe 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125110. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Airport Available for: Mac Studio (2022 and … Read More “APPLE-SA-09-15-2025-5 macOS Tahoe 26  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-6 macOS Sequoia 15.7 macOS Sequoia 15.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/125111. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AMD Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-09-15-2025-6 macOS Sequoia 15.7  – Full Disclosure” »

  Posted by Matthew Fernandez on Sep 10 Can you elaborate on why you consider this high severity? From the description, it sounds as if this behaviour is fail-closed. That is, the effects are limited to DoS, with security properties preserved. – Read More  – Full Disclosure 

  Posted by naphthalin via Fulldisclosure on Sep 10 “I know where your children go to school.” The web front end of the IServ school server from IServ GmbH allows user enumeration. Responses during failed login attempts differ, depending on if the user account exists, does not exist and other conditions. While this does not … Read More “User Enumeration in IServ Schoolserver Web Login  – Full Disclosure” »

  Posted by Taylor Newsome on Sep 08 Reporter: [Taylor Christian Newsome / SleepRaps () gmail com] Date: [8/21/2025] Target: Discord WebRTC / Voice Gateway API Severity: Critical 1. Executive Summary A proof-of-concept (PersistentRTC) demonstrates remote code execution (RCE) capability against Discord users. The PoC enables Arbitrary JavaScript execution in a victim’s browser context via … Read More “Critical Security Report – Remote Code Execution via Persistent Discord WebRTC Automation  – Full Disclosure” »