Category: Alert Feeds

  Posted by Wade Sparks on Jan 21 Hello Yuffie, Upon further investigation, the VulnCheck CNA determined that these vulnerabilities were not suitable for CVE assignment. The vulnerabilities exist within a SaaS product and are mitigated at the CSP-level which in this case, would be the vendor, EQS Group. Rather than contribute unactionable CVE records, … Read More “Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by Matteo Beccati on Jan 14 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2026-001 ———————————————————————— https://www.revive-adserver.com/security/revive-sa-2026-001 ———————————————————————— Date: 2026-01-14 Risk Level: High Applications affected: Revive… – Read More  – Full Disclosure 

  Posted by Stefan Kanthak via Fulldisclosure on Jan 10 Hi @ll, the following is a condensed form of <https://skanthak.hier-im-netz.de/whispers.html#whisper3> and <https://skanthak.hier-im-netz.de/whispers.html#whisper4>. Windows Vista moved the shared start menu from “%ALLUSERSPROFILE%Start Menu” to “%ProgramData%MicrosoftWindowsStart Menu”, with some shortcuts (*.lnk) “reflected” from the (immutable) component store below %SystemRoot%WinSxS JFTR:… – Read More  – Full Disclosure 

  Posted by Ron E on Jan 10 A global buffer overflow vulnerability exists in the TinyOS printfUART implementation used within the ZigBee / IEEE 802.15.4 networking stack. The issue arises from an unsafe custom sprintf() routine that performs unbounded string concatenation using strcat() into a fixed-size global buffer. The global buffer debugbuf, defined with … Read More “TinyOS 2.1.2 printfUART Global Buffer Overflow via Unbounded Format Expansion  – Full Disclosure” »

  Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the mcp2200gpio utility due to unsafe use of strcpy() and strcat() when constructing device paths during automatic device discovery. A local attacker can trigger the vulnerability by creating a specially crafted filename under /dev/usb/, resulting in stack memory corruption and … Read More “TinyOS 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio  – Full Disclosure” »

  Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the tapslip6 utility distributed with RIOT OS (and derived from the legacy uIP/Contiki networking tools). The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. Specifically, tapslip6 uses strcpy() … Read More “RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction  – Full Disclosure” »

  Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the RIOT OS ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer (serial->frame) without verifying that the current … Read More “RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser  – Full Disclosure” »

  Posted by Art Manion via Fulldisclosure on Jan 10 Hi, CVE IDs *can* be assigned for SaaS or similarly “cloud only” software. For a period of time, there was a restriction that only the provider could make or request such an assignment. But the current CVE rules remove this restriction: 4.2.3 CNAs MUST NOT … Read More “Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by KoreLogic Disclosures via Fulldisclosure on Jan 08 KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking Title: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking Advisory ID: KL-001-2026-001 Publication Date: 2026-01-08 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2026-001.txt 1. Vulnerability Details      Affected Vendor: yintibao      Affected Product: Fun Print Mobile   … Read More “KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking  – Full Disclosure” »

  Posted by Ron E on Jan 05 Panda3D’s egg-mkfont utility contains an uncontrolled format string vulnerability that allows disclosure of stack-resident memory. The -gp (glyph pattern) command-line option allows users to specify a formatting pattern intended for generating glyph texture filenames. This pattern is passed directly as the format string to sprintf() without validation … Read More “Panda3d v1.10.16 Uncontrolled Format String in Panda3D egg-mkfont Allows Stack Memory Disclosure  – Full Disclosure” »

  Posted by duykham on Jan 05 Hello Full Disclosure, I would like to disclose a security vulnerability identified in a smartphone application: *Koller Secret: Real Hidden App*. This report is shared in the interest of responsible disclosure and improving overall security awareness. — *Summary* – Application: Koller Secret: Real Hidden App – Package / … Read More “Security Vulnerability in Koller Secret: Real Hidden App (com.koller.secret.hidemyphoto)  – Full Disclosure” »

  Posted by malvuln on Jan 05 SigInt-Hombre, generates derived Suricata detection rules from live URLhaus threat indicators at runtime and deploy them to the Security Onion platform for high-coverage real-time network monitoring. https://github.com/malvuln/sigint-hombre What it does: Pulls the public URLhaus feed in real time (not mirrored or redistributed) Skips: Comments, empty lines, malformed URLs, … Read More “SigInt-Hombre v1 / dynamic Suricata detection rules from real-time threat feeds  – Full Disclosure” »

  Posted by Ron E on Jan 05 A global buffer overflow vulnerability exists in the TGZfname() function of the zlib untgz utility due to the use of an unbounded strcpy() call on attacker-controlled input. The utility copies a user-supplied archive name (argv[arg]) into a fixed-size static global buffer of 1024 bytes without performing any … Read More “zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name  – Full Disclosure” »

  Posted by Ron E on Jan 05 A heap buffer underflow vulnerability exists in the readline() function of OpenLDAP’s Lightning Memory-Mapped Database (LMDB) mdb_load utility. The vulnerability is triggered through malformed input data and results in an out-of-bounds read one byte before an allocated heap buffer. This can lead to information disclosure through heap … Read More “MongoDB v8.3.0 Heap Buffer Underflow in OpenLDAP LMDB mdb_load  – Full Disclosure” »

  Posted by Ron E on Jan 05 Bio-Formats contains an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component. The vulnerability is caused by the use of an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files (e.g., XLEF). When a crafted XML file is supplied, the parser allows external entity … Read More “Bioformats v8.3.0 Improper Restriction of XML External Entity Reference in Bio-Formats Leica Microsystems XML Parser  – Full Disclosure” »

  Posted by Ron E on Jan 05 Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity checks, or trust enforcement. An attacker can exploit this behavior by supplying a crafted or corrupted .bfmemo file—either … Read More “Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files  – Full Disclosure” »

  Posted by Ron E on Jan 05 This integer underflow vulnerability enables heap metadata corruption and information disclosure through carefully crafted LMDB dump files. *Impact:* – *Denial of Service*: Immediate crash (confirmed) – *Information Disclosure*: Heap metadata leak via OOB read Root Cause:The readline() function fails to validate that the input line length is … Read More “MongoDB v8.3.0 Integer Underflow in LMDB mdb_load  – Full Disclosure” »

  Posted by Ron E on Jan 05 A memory safety vulnerability exists in the Panda3D deploy-stub executable due to unbounded stack allocation using attacker-controlled input. The issue allows a local attacker to trigger stack exhaustion and subsequent use of uninitialized memory during Python interpreter initialization, resulting in a reliable crash and undefined behavior. The … Read More “Panda3d v1.10.16 deploy-stub Unbounded Stack Allocation Leading to Uninitialized Memory  – Full Disclosure” »

  Posted by Ron E on Jan 05 A stack-based buffer overflow vulnerability exists in the Panda3D egg-mkfont utility due to the use of an unbounded sprintf() call with attacker-controlled input. By supplying an excessively long glyph pattern string via the -gp command-line option, an attacker can trigger a stack buffer overflow, resulting in a … Read More “Panda3d v1.10.16 egg-mkfont Stack Buffer Overflow  – Full Disclosure” »

  Posted by Yuffie Kisaragi via Fulldisclosure on Jan 05 UPDATE: Following the publication of these vulnerabilities and the subsequent CVE assignments, the CVE identifiers have now been revoked. The vendor (EQS Group) contacted the CVE Program (via a CNA) and disputed the records, stating that the affected product is an exclusively hosted SaaS platform with … Read More “Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure” »

  Posted by Egidio Romano on Dec 27 —————————————————————– PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability —————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9 and prior versions, and version 3.5.0-1 and prior versions, as used in Open Journal… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 27 ———————————————————————– PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability ———————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-10 and prior versions, and version 3.5.0-3 and prior versions, as… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 27 —————————————————————– PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability —————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: Version 3.3.0-21 and prior versions. Version 3.4.0-9 and prior versions. Version 3.5.0-1 and prior versions. [-] Vulnerability Description: Open… – Read More  – Full Disclosure 

  Posted by malvuln on Dec 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/086f0693f81f6d40460c215717349a1f.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Netbus.170 Vulnerability: Insecure Credential Storage Family: Netbus Type: PE32 Attack-pattern TTP: Unsecured Credentials (T1552) MD5: 086f0693f81f6d40460c215717349a1f… – Read More  – Full Disclosure 

  Posted by malvuln on Dec 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/3d9821cbe836572410b3c5485a7f76ca.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Poison.jh Vulnerability: Insecure Permissions Description: The malware creates the directory 28463 under C:WindowsSysWOW64, granting Full (F) permissions to the Everyone… – Read More  – … Read More “Backdoor.Win32.Poison.jh / Insecure Permissions  – Full Disclosure” »

  Posted by Egidio Romano on Dec 27 ———————————————————————- PKP-WAL <= 3.5.0-1 (Institution Collector) SQL Injection Vulnerability ———————————————————————- [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9 and prior versions, and version 3.5.0-1 and prior versions, as used… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 27 ——————————————————————————————— Open Journal Systems <= 3.5.0-1 (NativeXmlIssueGalleyFilter.php) Path Traversal Vulnerability ——————————————————————————————— [-] Software Links: https://pkp.sfu.ca/software/ojs/ https://github.com/pkp/ojs [-] Affected Versions: Version 3.3.0-21 and prior versions. Version 3.4.0-9 and… – Read More  – Full Disclosure 

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/b2e50fa38510a5ea8e11f614b1c1d0d5.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HEUR.Backdoor.Win32.Poison.gen Vulnerability: Arbitrary Code Execution Description: The malware looks for and executes a x32-bit “WININET.dll” PE file in its current directory…. – Read More  … Read More “HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/b2e50fa38510a5ea8e11f614b1c1d0d5.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HEUR.Backdoor.Win32.Poison.gen Vulnerability: Arbitrary Code Execution Description: The malware looks for and executes a x32-bit “WININET.dll” PE file in its current directory…. – Read More  … Read More “HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/b2e50fa38510a5ea8e11f614b1c1d0d5.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HEUR.Backdoor.Win32.Poison.gen Vulnerability: Arbitrary Code Execution Description: The malware looks for and executes a x32-bit “WININET.dll” PE file in its current directory…. – Read More  … Read More “HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/6c0eda1210da81b191bd970cb0f8660a.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.ControlTotal.t Vulnerability: Insecure Credential Storage Description: The malware listens on TCP port 2032 and requires authentication. The password “jdf4df4vdf”… – Read More  – Full … Read More “Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/6c0eda1210da81b191bd970cb0f8660a.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.ControlTotal.t Vulnerability: Insecure Credential Storage Description: The malware listens on TCP port 2032 and requires authentication. The password “jdf4df4vdf”… – Read More  – Full … Read More “Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702  – Full Disclosure” »

  Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/6c0eda1210da81b191bd970cb0f8660a.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.ControlTotal.t Vulnerability: Insecure Credential Storage Description: The malware listens on TCP port 2032 and requires authentication. The password “jdf4df4vdf”… – Read More  – Full … Read More “Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Dec 22 Hi @ll, since 30 years Microsoft ships Windows with “Windows Script Host”, an empty registry key and the following registry entries: [HKEY_CURRENT_USERSoftwareMicrosoftWindows Script HostSettings] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Script HostSettings] “ActiveDebugging”=”1” “DisplayLogo”=”1” “SilentTerminate”=”0” “UseWINSAFER”=”1” The… – Read More  – Full Disclosure 

  Posted by Andraz Sraka on Dec 17 MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMN..-..–+MMNy:…-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MM:..—.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM Mm../dds.-oy.-.dMh–mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM MMMs//yMNo+hMh—m:-:hy+sMN..+Mo..os+.-:Ny–ossssdN-.:yyo+mM… – Read More  – Full Disclosure 

  Posted by LRKTBEYK LRKTBEYK on Dec 17 I tried to report these vulnerabilities to ImmuneFi, but they closed it (report 62070) as “out of scope.” I believe them when they tell me something is out of scope, so now it’s public. https://github.com/raydium-io/raydium-cp-swap/pull/62 These vulnerabilities collectively enable fee theft, creator fee hijacking, and potential user … Read More “Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking  – Full Disclosure” »

  Posted by Egidio Romano on Dec 17 ———————————————————————————— Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability ———————————————————————————— [-] Software Link: https://control-webpanel.com [-] Affected Versions: Version 0.9.8.1208 and prior versions. [-] Vulnerability Description: User input passed via the “key” GET… – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 17 CyberDanube Security Research 20251215-0 ——————————————————————————- title| Multiple Vulnerabilities product| FL Switch vulnerable version| 3.40 fixed version| TODO CVE number| CVE-2025-41692, CVE-2025-41693, CVE-2025-41694, | CVE-2025-41695, CVE-2025-41696, CVE-2025-41697, | CVE-2025-41745,… – Read More  – Full Disclosure 

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was detected that a Stored XSS vulnerability in the “Content Management” > “Blog posts” area. Malicious HTML/JavaScript added to the Body overview field of a blog post is stored in the backend and executes when the blog page is visited (http://localhost/blog/) … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area  – Full Disclosure” »

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was detected that a Stored XSS vulnerability on the “Currencies” functionality, specifically on the following input field: “Configuration > Currencies > Edit one of the currencies > “Custom formatting” input field. After saving the payload, the vulnerability can be triggered by … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.  – Full Disclosure” »

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was detected that multiple Stored Cross-Site Scripting (Stored XSS) vulnerabilities in the product management functionality. Malicious JavaScript payloads inserted into the “Product Name” and “Short Description” fields are stored in the backend database and executed automatically whenever a user (administrator or … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality  – Full Disclosure” »

  Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors]       > It was identified Cross-Site Request Forgery (CSRF) vulnerability on the “Run now” button of Schedule tasks functionality. Exploiting this vulnerability, an attacker can run a scheduled task without the victim users consent or knowledge. Assigned CVE code:       > CVE-2025-65593 [Discoverer]       > AlterSec … Read More “nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality  – Full Disclosure” »

  Posted by Egidio Romano on Dec 15 —————————————————————————– Bitrix24 <= 25.100.300 (Translate Module) Remote Code Execution Vulnerability —————————————————————————– [-] Software Link: https://www.bitrix24.com [-] Affected Versions: Version 25.100.300 and prior versions. [-] Vulnerability Description: The vulnerability is located within the “Translate Module”,… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Dec 15 —————————————————————————— 1C-Bitrix <= 25.100.500 (Translate Module) Remote Code Execution Vulnerability —————————————————————————— [-] Software Link: https://www.1c-bitrix.ru [-] Affected Versions: Version 25.100.500 and prior versions. [-] Vulnerability Description: The vulnerability is located within the “Translate… – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3 iOS 18.7.3 and iPadOS 18.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/125885. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: … Read More “APPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-3 macOS Tahoe 26.2 macOS Tahoe 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125886. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. App Store Available for: macOS Tahoe Impact: … Read More “APPLE-SA-12-12-2025-3 macOS Tahoe 26.2  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3 macOS Sequoia 15.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/125887. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3 macOS Sonoma 14.8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/125888. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-6 tvOS 26.2 tvOS 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125889. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-12-12-2025-6 tvOS 26.2  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-7 watchOS 26.2 watchOS 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125890. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. App Store Available for: Apple Watch Series 6 and … Read More “APPLE-SA-12-12-2025-7 watchOS 26.2  – Full Disclosure” »