Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-8 visionOS 26.2 visionOS 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125891. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. App Store Available for: Apple Vision Pro (all models) …
Posted by Apple Product Security via Fulldisclosure on Dec 15 APPLE-SA-12-12-2025-9 Safari 26.2 Safari 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125892. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Sonoma and macOS Sequoia Impact: …
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) – Full Disclosure
Posted by Yuffie Kisaragi via Fulldisclosure on Dec 15 UPDATE: The reported vulnerabilities have now been assigned CVE identifiers: CVE-2025-34411: https://www.cve.org/cverecord?id=CVE-2025-34411 CVE-2025-34412: https://www.cve.org/cverecord?id=CVE-2025-34412
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality – Full Disclosure
Posted by Onur Tezcan via Fulldisclosure on Dec 15 [Attack Vectors] > It was detected that a Stored XSS vulnerability exists in the Attributes management workflow. An attacker can insert JavaScript into the Name field when adding a new Attribute Group (Catalog > Attributes > Specification attributes > Add Group > Name input field). To …
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) – Full Disclosure
Posted by Yuffie Kisaragi via Fulldisclosure on Dec 05 Advisory ID: CONVERCENT-2025-001 Title: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Date: 2025-12-04 Vendor: EQS Group Product: Convercent Whistleblowing Platform (app.convercent.com) Severity: Critical CVSS v4.0 Base Score: 9.3 Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Summary A series of security weaknesses were identified in …
Posted by Aerith Gainsborough via Fulldisclosure on Dec 01 Advisory ID: LEGALITYWHISTLEBLOWING-2025-001 Title: Missing Critical Security Headers in Legality WHISTLEBLOWING Date: 2025-11-29 Vendor: DigitalPA (segnalazioni.net) Severity: High CVSS v3.1 Base Score: 8.2 (High) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Summary: Multiple public deployments of Legality WHISTLEBLOWING by DigitalPA are missing essential HTTP security headers. This misconfiguration exposes users …
Posted by Matteo Beccati on Dec 01 Revive Adserver Security Advisory REVIVE-SA-2025-005 https://www.revive-adserver.com/security/revive-sa-2025-005 Date: 2025-11-26 Risk Level: Medium Applications affected: Revive…
Posted by Pierre Kim on Dec 01 ## Advisory Information Title: 2 vulnerabilities in Egovframe Advisory URL: https://pierrekim.github.io/advisories/2025-egovframe.txt Blog URL: https://pierrekim.github.io/blog/2025-11-20-egovframe-2-vulnerabilities.html Date published: 2025-11-20 Vendors contacted: KISA/KrCERT Release mode: Released CVE: CVE-2025-34336, CVE-2025-34337 ## Product description Egovframe is a Java-based framework mainly used in the websites of the Government of…
Posted by Pierre Kim on Dec 01 ## Advisory Information Title: 8 vulnerabilities in AudioCodes Fax/IVR Appliance Advisory URL: https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt Blog URL: https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html Date published: 2025-11-20 Vendors contacted: Audiocodes Release mode: Released CVE: CVE-2025-34328, CVE-2025-34329, CVE-2025-34330, CVE-2025-34331, CVE-2025-34332, CVE-2025-34333,…