Category: Alert Feeds

  Posted by GregD via Fulldisclosure on Mar 12 Hi, I’m disclosing five vulnerabilities discovered during an authorised security assessment of the Cohesity TranZman Migration Appliance (formerly Stone Ram TranZman), Release 4.0 Build 14614. CVE-2025-67840 – Web API Command Injection (CVSS 7.2 High) The /api/v1/scheduler/run and /api/v1/actions/run endpoints allow authenticated administrators to execute arbitrary commands … Read More “Cohesity TranZman Migration Appliance – 5 CVEs (command injection, LPE, unsigned patches, weak crypto)  – Full Disclosure” »

  Posted by Feng Ning via Fulldisclosure on Mar 12 Subject: Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3) # Alipay DeepLink + JSBridge Attack Chain # Silent GPS Exfiltration via Crafted URL ## Overview Researcher: Jiqiang Feng / Innora AI Security Research Vendor: Ant Group (蚂蚁集团) / Alibaba Group … Read More “Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Mar 12 Hi @ll, about 2 months ago I posted <https://seclists.org/fulldisclosure/2025/Dec/29> “Defense in depth — the Microsoft way (part 94): SAFER (SRPv1 and AppLocker alias SRPv2) bypass for dummies” Here’s the continuation… About 23 years ago, 64-bit Windows introduced the WoW64 subsystem, which performs a transpatent redirection … Read More “Defense in depth — the Microsoft way (part 96): yet another SAFER (SRPv1) and AppLocker (SRPv2) loophole  – Full Disclosure” »

  Posted by Daniel Owens via Fulldisclosure on Mar 12 As previously mentioned, via “Struts2 and Related Framework Array/Collection DoS” (26 October 2025), hundreds of JavaScript object notation (JSON) libraries are vulnerable to unconstrained resource consumption through large JSON arrays, which, when deserialised, create arbitrarily large collections/arrays/data structures. This work looks specifically at the Apache … Read More “JSON Deserialiser Unconstrained Resource Consumption Quick Overview  – Full Disclosure” »

  Posted by Egidio Romano on Feb 22 —————————————————————————- SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability —————————————————————————- [-] Software Link: https://www.smartertools.com/smartermail/business-email-server [-] Affected Versions: Build 9518 and prior builds. [-] Vulnerability Description: User input passed through the… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 22 SEC Consult Vulnerability Lab Security Advisory < 20260218-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: NesterSoft WorkTime (on-prem/cloud) vulnerable version: <= 11.8.8 fixed version: No patch available, vendor unresponsive. CVE number: CVE-2025-15563, CVE-2025-15562, CVE-2025-15561… – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4 macOS Sequoia 15.7.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126349. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4 macOS Sonoma 14.8.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126350. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-6 tvOS 26.3 tvOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126351. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-02-11-2026-6 tvOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-7 watchOS 26.3 watchOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126352. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple Watch Series 6 and later … Read More “APPLE-SA-02-11-2026-7 watchOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-8 visionOS 26.3 visionOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126353. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Vision Pro (all models) Impact: … Read More “APPLE-SA-02-11-2026-8 visionOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-9 Safari 26.3 Safari 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126354. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CFNetwork Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-02-11-2026-9 Safari 26.3  – Full Disclosure” »

  Posted by Christian Zäske via Fulldisclosure on Feb 16 Advisory ID:               SYSS-2025-011 Product:                   MR9600, MX4200 (and potentially others) Manufacturer:              Linksys Affected Version(s):       1.0.4.205530 for MR9600, 1.0.13.210200 for MX4200 (and potentially others) Tested … Read More “[SYSS-2025-011] Linksys MX9600/MX4200 – OS Command Injection  – Full Disclosure” »

  Posted by Christian Zäske via Fulldisclosure on Feb 16 Advisory ID:               SYSS-2025-014 Product:                   MX4200 (and potentially others) Manufacturer:              Linksys Affected Version(s):       1.0.13.210200 (and potentially others) Tested Version(s):         1.0.13.210200 MX4200 … Read More “[SYSS-2025-014] Linksys MX4200 – Improper Verification of Source of a Communication Channel  – Full Disclosure” »

  Posted by Agent Spooky’s Fun Parade via Fulldisclosure on Feb 16 1. SUMMARY Two independently confirmed vulnerabilities in Jump Crypto’s Firedancer Solana validator (https://github.com/firedancer-io/firedancer, commit 7cd3b6dce): A) Three undefined behavior / logic bugs in QUIC transport parameter processing, triggerable by a malicious QUIC server with zero authentication. Enables remote connection kill or hang. B) … Read More “Firedancer Solana Validator – QUIC Transport Parameter UB and Consensus-Splitting Cast Bug  – Full Disclosure” »

  Posted by Darsh Naik on Feb 16 🔓 The Attack Path — No Login, SYSTEM Access 1. Boot into setup.exe (via USB, PXE, or OOBM like Intel vPro). 2. Click “Repair your computer” → Enter WinRE. 3. Press Shift + F10 → SYSTEM-level Command Prompt. 4. From there, attacker can: – Run `net user` … Read More “🚨 Public Disclosure: Remote BitLocker Bypass via Intel AMT — SYSTEM Access Without Login  – Full Disclosure” »

  Posted by Hanno Böck on Feb 16 During tests of electronic invoicing tools, I discovered multiple XXE and Blind XXE vulnerabilities in online tools parsing electronic invoices in XML formats. While most of the affected tools have fixed these vulnerabilities, two online tools remain vulnerable to Blind XXE attacks, allowing exfiltration of files. Disclosure … Read More “Blind XXE in Electronic Invoice online tools (validator.invoice-portal.de, xrechnung.rib.de)  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3 iOS 26.3 and iPadOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126346. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: … Read More “APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5 iOS 18.7.5 and iPadOS 18.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126347. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: … Read More “APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-3 macOS Tahoe 26.3 macOS Tahoe 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126348. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Admin Framework Available for: macOS Tahoe Impact: … Read More “APPLE-SA-02-11-2026-3 macOS Tahoe 26.3  – Full Disclosure” »

  Posted by privexploits via Fulldisclosure on Feb 16 Advisory: Authenticated Remote Code Execution in pfSense CECVEs: CVE-2025-69690, CVE-2025-69691 Researcher: Nelson Adhepeau (privexploits () protonmail com) Date: February 2026 == RESPONSIBLE DISCLOSURE NOTICE == This advisory is published in accordance with responsible disclosure practices.  The vendor was notified on December 2, 2025, acknowledged the reports, … Read More “[Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 16 SEC Consult Vulnerability Lab Security Advisory < 20260212-0 > ======================================================================= title: Multiple Vulnerabilities             product: Various Solax Power Pocket WiFi models  vulnerable version: See section below       fixed version: See section below         … Read More “SEC Consult SA-20260212-0 :: Multiple Vulnerabilities in various Solax Power Pocket WiFi models  – Full Disclosure” »

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Certified Asterisk 20.7-cert9. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert9 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-20.7-cert9 ## Change Log for Release asterisk-certified-20.7-cert9 ###… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 20.18.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.18.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.18.2 ## Change Log for Release asterisk-20.18.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 22.8.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/22.8.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 22.8.2 ## Change Log for Release asterisk-22.8.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 21.12.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.12.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.12.1 ## Change Log for Release asterisk-21.12.1 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Feb 07 The Asterisk Development Team would like to announce security release Asterisk 23.2.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/23.2.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 23.2.2 ## Change Log for Release asterisk-23.2.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Feb 04 ————————————————————————— Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability ————————————————————————— [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.2.0 to 5.13.1. [-] Vulnerability Description: User input passed through the “confirm_url” GET parameter to the… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Feb 04 ——————————————————————————– Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities ——————————————————————————– [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.0.0 to 5.13.1. [-] Vulnerabilities Description: The vulnerabilities exist because user input passed through the… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Feb 04 ————————————————————————– Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities ————————————————————————– [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.0.0 to 5.13.1. [-] Vulnerabilities Description: The vulnerabilities exist because user input passed through the… – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Feb 04 CyberDanube Security Research 20260119-0 ——————————————————————————- title| Authenticated Command Injection product| TC Router 5004T-5G EU vulnerable version| 1.06.18 fixed version| 1.06.23 CVE number| CVE-2025-41717 impact| High homepage| https://www.phoenixcontact.com/ found| 16.04.2025… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 04 SEC Consult Vulnerability Lab Security Advisory < 20260202-0 > ======================================================================= title: Multiple vulnerabilities product: Native Instruments – Native Access (MacOS) vulnerable version: verified up to 3.22.0 fixed version: n/a CVE number: CVE-2026-24070, CVE-2026-24071              impact: high homepage:… – Read … Read More “SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)  – Full Disclosure” »

  Posted by Karol Wrótniak on Jan 29 Summary ======= A vulnerability was discovered in the popular JavaScript library ‘validator’. The isLength() function incorrectly handles Unicode Variation Selectors (U+FE0E and U+FE0F). An attacker can inject thousands of these zero-width characters into a string, causing the library to report a much smaller perceived length than the … Read More “CVE-2025-12758: Unicode Variation Selectors Bypass in ‘validator’ library (isLength)  – Full Disclosure” »

  Posted by Andrey Stoykov on Jan 29 Hi. I would like to publish my paper for exploiting XAMPP installations. Thanks, Andrey – Read More  – Full Disclosure 

  Posted by Andrey Stoykov on Jan 29 # Exploit Title: Elgg – Lack of Password Complexity # Date: 1/2026 # Exploit Author: Andrey Stoykov # Version: 6.3.3 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2026/01/friday-fun-pentest-series-48-weak.html // HTTP Request – Changing Password POST /action/usersettings/save HTTP/1.1 Host: elgg.local User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:148.0) … Read More “Weak Password Complexity – elggv6.3.3  – Full Disclosure” »

  Posted by Andrey Stoykov on Jan 29 # Exploit Title: Elgg – Username Enumeration # Date: 1/2026 # Exploit Author: Andrey Stoykov # Version: 6.3.3 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2026/01/friday-fun-pentest-series-47-lack-of.html // HTTP Request – Resetting Password – Valid User POST /action/user/requestnewpassword HTTP/1.1 Host: elgg.local User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; … Read More “Username Enumeration – elggv6.3.3  – Full Disclosure” »