Category: Alert Feeds

  Posted by cve on Oct 18 The critical vulnerabilities discovered within Mercku routers, specifically the M6a model, that could pose serious security threats to home networks. These issues allow remote code execution with minimal effort, tested against version 2.1.0 of the official firmware. I have also submitted a CVE request in June 2024 (CVE … Read More “Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a  – Full Disclosure” »

  Posted by Patrick via Fulldisclosure on Oct 18 —————————————————————————- Summary —————————————————————————- A CWE-601 (Open Redirect) vulnerability has been identified in the additnow functionality of apis.google.com. The vulnerability has been actively exploited in targeted phishing attacks since at least September 15, 2025…. – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Oct 18 CyberDanube Security Research 20251014-0 ——————————————————————————- title| Multiple Vulnerabilities product| QUINT4-UPS vulnerable version| VC:00<VC:07 fixed version| VC:07 (partially) CVE number| CVE-2025-41703, CVE-2025-41704, CVE-2025-41705, | CVE-2025-41706, CVE-2025-41707 impact| High… – Read More  – Full Disclosure 

  Posted by Gynvael Coldwind on Oct 15 Vendor Response Pattern Hi Christopher, Vendor is correct with this one. The problem isn’t the vendor’s site – it’s that the browser is already pwned with the malicious browser extension (this is site-agnostic). You’ve mentioned “No user interaction required beyond normal application usage.”, but having “Malicious browser … Read More “Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)  – Full Disclosure” »

  Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13 # Checkmk Agent Privilege Escalation via Insecure Temporary Files # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250724-01_Checkmk_Agent_Privilege_Escalation_via_Insecure_Temporary_Files ## Vulnerability Overview ## The `win_license` plugin as included in Checkmk agent for Windows versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b2 and 2.0.0p28 allows low privileged … Read More “[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files  – Full Disclosure” »

  Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13 # Checkmk Path Traversal # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal ## Vulnerability Overview ## Checkmk in versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b1 is prone to a path traversal vulnerability in the report scheduler. Due to an insufficient validation of a … Read More “[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal  – Full Disclosure” »

  Posted by Christopher Dickinson via Fulldisclosure on Oct 13 Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com CVE Identifiers * CVE-2025-[PENDING] – Excessive Data Exposure / JWT Token Leakage * CVE-2025-[PENDING] – Broken Object Level Authorization (IDOR) * CVE-2025-[PENDING] – Unrestricted Resource Consumption (DoS) Executive Summary This security advisory details three significant vulnerabilities discovered in … Read More “Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)  – Full Disclosure” »

  Posted by Seralys Research Team via Fulldisclosure on Oct 08 Seralys Security Advisory | https://www.seralys.com/research ====================================================================== Title: SQL Injection Vulnerability Product: Open Web Analytics (OWA) Affected: Confirmed on 1.8.0 (older versions likely affected) Fixed in: 1.8.1 Vendor: Open Web Analytics (open-source) Discovered: August 2025 Severity: HIGH CWE: CWE-89: SQL Injection CVE: CVE-2025-59397… – Read More  … Read More “CVE-2025-59397 – Open Web Analytics SQL Injection  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Oct 07 On a fresh installation of the just released Windows 11 25H2 the former file %SystemRoot%System32SecurityHealth10.0.27840.1000-0SecurityHealthHost.exe is %SystemRoot%System32SecurityHealthHost.exe now, but the BUG persists: | svchost.exe (PID = 9876) identified \?C:WindowsSystem32SecurityHealthHost.exe | as Disallowed using default rule, Guid = 11015445-d282-4f86-96a2-9e485f593302 stay tuned, and far away from bug-riddled … Read More “Re: Defense in depth — the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11  – Full Disclosure” »

  Posted by full on Oct 07 Substack is down. If there is a replacement, it is appreciated. -x9p – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Oct 07 The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation. https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 Working exploit: https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&st=b1tkonvr&dl=0 – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Working exploit: https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0 – Read More  – Full Disclosure 

  Posted by Ron E on Sep 30 A heap buffer overflow vulnerability exists in the geotifcp utility, distributed as part of libgeotiff. The flaw occurs in the function cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd ImageWidth and using the -d option (downsampling from 8-bit to 4-bit). During conversion, the function iterates over pixels … Read More “libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width  – Full Disclosure” »

  Posted by Ron E on Sep 30 In the samtools coverage subcommand, the -w / –n-bins option allows the user to specify how many “bins” to produce in the coverage histogram. The code computes: stats[tid].bin_width = (stats[tid].end – stats[tid].beg) / n_bins; When the number of bins (n_bins) is extremely large relative to the region … Read More “Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow  – Full Disclosure” »

  Posted by Ron E on Sep 30 A denial-of-service vulnerability exists in Samtools and the underlying HTSlib when processing BED files containing extremely large interval values. The bed_index_core() function in bedidx.c uses the interval end coordinate to calculate allocation size without sufficient validation. By supplying a BED record with a crafted end coordinate (e.g., … Read More “Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 macOS Sonoma 14.8.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125330. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-6 visionOS 26.0.1 visionOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125338. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: Apple Vision Pro Impact: Processing a … Read More “APPLE-SA-09-29-2025-6 visionOS 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125326. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: … Read More “APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125327. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: … Read More “APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 macOS Tahoe 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125328. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Tahoe Impact: Processing … Read More “APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 macOS Sequoia 15.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125329. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1  – Full Disclosure” »