fulldisclosure  

Messages by Thread

• [FD] SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility Joseph Goydish II via Fulldisclosure
• [FD] [KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability Egidio Romano
• [FD] [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
• [FD] APPLE-SA-03-24-2026-10 Xcode 26.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-9 Safari 26.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-8 visionOS 26.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-7 watchOS 26.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-6 tvOS 26.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-3 macOS Tahoe 26.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4 Apple Product Security via Fulldisclosure
• [FD] [KIS-2026-05] MailEnable <= 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano
• [FD] Dovecot Security Advisory OXDC-2026-0001 Aki Tuomi
• [FD] CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref) Abhinav Agarwal
• [FD] snap-confine + systemd-tmpfiles = root (CVE-2026-3888) Qualys Security Advisory via Fulldisclosure
• [FD] APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 Apple Product Security via Fulldisclosure
• [FD] SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] UPDATE: Ant Group Censors 4 Security Research Articles After Initial Complaint Rejection Jiqiang Feng via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 96): yet another SAFER (SRPv1) and AppLocker (SRPv2) loophole Stefan Kanthak via Fulldisclosure
• [FD] Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3) Feng Ning via Fulldisclosure
• [FD] Cohesity TranZman Migration Appliance - 5 CVEs (command injection, LPE, unsigned patches, weak crypto) GregD via Fulldisclosure
• [FD] APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-11-2026-1 iOS 16.7.15 and iPadOS 16.7.15 Apple Product Security via Fulldisclosure
• [FD] [KIS-2026-04] SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability Egidio Romano
• [FD] SEC Consult SA-20260212-0 :: Multiple Vulnerabilities in various Solax Power Pocket WiFi models SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] [Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0 privexploits via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-9 Safari 26.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-8 visionOS 26.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-7 watchOS 26.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-6 tvOS 26.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-3 macOS Tahoe 26.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3 Apple Product Security via Fulldisclosure
• [FD] Blind XXE in Electronic Invoice online tools (validator.invoice-portal.de, xrechnung.rib.de) Hanno Böck
• [FD] 🚨 Public Disclosure: Remote BitLocker Bypass via Intel AMT — SYSTEM Access Without Login Darsh Naik
• [FD] Firedancer Solana Validator - QUIC Transport Parameter UB and Consensus-Splitting Cast Bug Agent Spooky's Fun Parade via Fulldisclosure
• [FD] [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal Christian Zäske via Fulldisclosure
• [FD] Asterisk Security Release 23.2.2 Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 21.12.1 Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 22.8.2 Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 20.18.2 Asterisk Development Team via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-20.7-cert9 Asterisk Development Team via Fulldisclosure
• [FD] SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS) SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series Thomas Weber | CyberDanube via Fulldisclosure
• [FD] [KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities Egidio Romano
• [FD] [KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities Egidio Romano
• [FD] [KIS-2026-01] Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability Egidio Romano
• [FD] Username Enumeration - elggv6.3.3 Andrey Stoykov
• [FD] Weak Password Complexity - elggv6.3.3 Andrey Stoykov
• [FD] Paper-Exploiting XAMPP Installations Andrey Stoykov
• [FD] CVE-2025-12758: Unicode Variation Selectors Bypass in 'validator' library (isLength) Karol Wrótniak
• [FD] SEC Consult SA-20260126-2 :: UART Leaking Sensitive Data in dormakaba registration unit 9002 (PIN pad) SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260126-1 :: Multiple Critical Vulnerabilities in dormakaba Access Manager SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260126-0 :: Multiple Critical Vulnerabilities in dormakaba Kaba exos 9300 SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] [REVIVE-SA-2026-001] Revive Adserver Vulnerabilities Matteo Beccati
• [FD] Defense in depth -- the Microsoft way (part 95): the (shared) "Start Menu" is dispensable Stefan Kanthak via Fulldisclosure
• Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Art Manion via Fulldisclosure
• [FD] RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser Ron E
• [FD] RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction Ron E
• [FD] TinyOS 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio Ron E
• [FD] TinyOS 2.1.2 printfUART Global Buffer Overflow via Unbounded Format Expansion Ron E
• [FD] KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking KoreLogic Disclosures via Fulldisclosure
• [FD] Panda3d v1.10.16 Uncontrolled Format String in Panda3D egg-mkfont Allows Stack Memory Disclosure Ron E
• [FD] Panda3d v1.10.16 egg-mkfont Stack Buffer Overflow Ron E
• [FD] Panda3d v1.10.16 deploy-stub Unbounded Stack Allocation Leading to Uninitialized Memory Ron E
• [FD] MongoDB v8.3.0 Integer Underflow in LMDB mdb_load Ron E
• [FD] Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files Ron E
• [FD] Bioformats v8.3.0 Improper Restriction of XML External Entity Reference in Bio-Formats Leica Microsystems XML Parser Ron E
• [FD] MongoDB v8.3.0 Heap Buffer Underflow in OpenLDAP LMDB mdb_load Ron E
• [FD] zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name Ron E
• [FD] SigInt-Hombre v1 / dynamic Suricata detection rules from real-time threat feeds malvuln
• [FD] Security Vulnerability in Koller Secret: Real Hidden App (com.koller.secret.hidemyphoto) duykham
• [FD] [KIS-2025-14] PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability Egidio Romano
• [FD] [KIS-2025-13] PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability Egidio Romano
• [FD] [KIS-2025-12] PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability Egidio Romano
• [FD] [KIS-2025-11] Open Journal Systems <= 3.5.0-1 (NativeXmlIssueGalleyFilter.php) Path Traversal Vulnerability Egidio Romano
• [FD] [KIS-2025-10] PKP-WAL <= 3.5.0-1 (Institution Collector) SQL Injection Vulnerability Egidio Romano
• [FD] Backdoor.Win32.Poison.jh / Insecure Permissions malvuln
• [FD] Backdoor.Win32.Netbus.170 / Insecure Credential Storage / MVID-2025-0703 malvuln
• [FD] Defense in depth -- the Microsoft way (part 94): SAFER (SRPv1 and AppLocker alias SRPv2) bypass for dummies Stefan Kanthak via Fulldisclosure
• [FD] Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702 malvuln
• [FD] HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701 malvuln
• [FD] CyberDanube Security Research 20251215-0 | Multiple Vulnerabilities in Phoenix Contact FL Switch Series Thomas Weber | CyberDanube via Fulldisclosure
• [FD] [KIS-2025-09] Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability Egidio Romano
• [FD] Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking LRKTBEYK LRKTBEYK
• [FD] [CFP] Security BSidesLjubljana 0x7EA | March 13, 2026 Andraz Sraka
• [FD] [KIS-2025-08] 1C-Bitrix <= 25.100.500 (Translate Module) Remote Code Execution Vulnerability Egidio Romano
• [FD] [KIS-2025-07] Bitrix24 <= 25.100.300 (Translate Module) Remote Code Execution Vulnerability Egidio Romano
• [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality Onur Tezcan via Fulldisclosure
• [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality Onur Tezcan via Fulldisclosure
• [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality. Onur Tezcan via Fulldisclosure
• [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area Onur Tezcan via Fulldisclosure
• [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality Onur Tezcan via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-9 Safari 26.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-8 visionOS 26.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-7 watchOS 26.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-6 tvOS 26.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-3 macOS Tahoe 26.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-12-12-2025-1 iOS 26.2 and iPadOS 26.2 Apple Product Security via Fulldisclosure
• [FD] [SYSS-2025-060]: HP computer UEFI boot protection bypass Micha Borrmann via Fulldisclosure
• [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Yuffie Kisaragi via Fulldisclosure
  • [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Yuffie Kisaragi via Fulldisclosure
  • [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Yuffie Kisaragi via Fulldisclosure
  • Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Marco Ermini via Fulldisclosure
  • Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Yuffie Kisaragi via Fulldisclosure
  • Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Wade Sparks
• [FD] 8 vulnerabilities in AudioCodes Fax/IVR Appliance Pierre Kim
• [FD] 2 vulnerabilities in Egovframe Pierre Kim
• [FD] [REVIVE-SA-2025-005] Revive Adserver Vulnerability Matteo Beccati
• [FD] Missing Critical Security Headers in Legality WHISTLEBLOWING Aerith Gainsborough via Fulldisclosure
• [FD] [REVIVE-SA-2025-004] Revive Adserver Vulnerabilities Matteo Beccati
• [FD] [REVIVE-SA-2025-003] Revive Adserver Vulnerabilities Matteo Beccati
• [FD] [SYSS-2025-059]: Dell computer UEFI boot protection bypass Micha Borrmann via Fulldisclosure
• [FD] APPLE-SA-11-13-2025-1 Compressor 4.11.1 Apple Product Security via Fulldisclosure
• [FD] OXAS-ADV-2025-0002: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
• [FD] APPLE-SA-11-05-2025-1 iOS 18.7.2 and iPadOS 18.7.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-9 Xcode 26.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-8 Safari 26.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-7 visionOS 26.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-6 watchOS 26.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-5 tvOS 26.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-4 macOS Sonoma 14.8.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-3 macOS Sequoia 15.7.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-2 macOS Tahoe 26.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-11-03-2025-1 iOS 26.1 and iPadOS 26.1 Apple Product Security via Fulldisclosure
• Re: [FD] [oss-security] runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 [email protected]
• [FD] [SBA-ADV-20250729-01] CVE-2025-39663: Checkmk Cross Site Scripting SBA Research Security Advisory via Fulldisclosure
• [FD] SEC Consult SA-20251029-0 :: Unprotected NFC card manipulation leading to free top-up in GiroWeb Cashless Catering Solutions (only legacy customer infrastructure) SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Dovecot CVE-2025-30189: Auth cache causes access to wrong account Aki Tuomi via Fulldisclosure
• [FD] SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055 SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013 Andrey Stoykov
• [FD] Stored HTML Injection - Layout Functionality - totaljsv5013 Andrey Stoykov
• [FD] Stored Cross-Site Scripting (XSS) - Layout Functionality - totaljsv5013 Andrey Stoykov
• [FD] Current Password not Required When Changing Password - totaljsv5013 Andrey Stoykov
• [FD] Struts2 and Related Framework Array/Collection DoS Daniel Owens via Fulldisclosure
• [FD] [REVIVE-SA-2025-002] Revive Adserver Vulnerability Matteo Beccati
• [FD] [REVIVE-SA-2025-001] Revive Adserver Vulnerability Matteo Beccati
• [FD] [SYSS-2025-017]: Verbatim Store 'n' Go Secure Portable HDD (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2025-016]: Verbatim Store 'n' Go Secure Portable SSD (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2025-015]: Verbatim Keypad Secure (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure
• [FD] Malvuln - MISP compatible malware vulnerability intelligence feed now live malvuln
• [FD] BSidesSF 2026 CFP still open until October 28th BSidesSF CFP via Fulldisclosure
• [FD] Google Firebase hosting suspension / "malware distribution" bypass Security Explorations
• [FD] CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS Thomas Weber | CyberDanube via Fulldisclosure
• [FD] apis.google.com - Insecure redirect via __lu parameter (exploited in the wild) Patrick via Fulldisclosure
• [FD] Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a cve
• [FD] [SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal SBA Research Security Advisory via Fulldisclosure
• [FD] APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 Apple Product Security via Fulldisclosure
• [FD] Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Christopher Dickinson via Fulldisclosure
  • Re: [FD] Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Gynvael Coldwind
• [FD] Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib Ron E
• [FD] Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow Ron E
• [FD] APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 Apple Product Security via Fulldisclosure
• [FD] [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files SBA Research Security Advisory via Fulldisclosure
• [FD] Stored HTML Injection - flatpressv1.4.1 Andrey Stoykov
• [FD] libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width Ron E
• [FD] Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11 Stefan Kanthak via Fulldisclosure
  • Re: [FD] Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11 Stefan Kanthak via Fulldisclosure
• [FD] CVE-2025-59397 - Open Web Analytics SQL Injection Seralys Research Team via Fulldisclosure
• [FD] APPLE-SA-09-29-2025-6 visionOS 26.0.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 Apple Product Security via Fulldisclosure
• Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure
  • Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Noor Christensen
  • Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Christoph Gruber
  • Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure
  • Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Jan Schermer
  • Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Patrick via Fulldisclosure
  • Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Joseph Goydish II via Fulldisclosure
• [FD] CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630 Thomas Weber | CyberDanube via Fulldisclosure
• [FD] CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series Thomas Weber | CyberDanube via Fulldisclosure
• [FD] xpra server information disclosure Antoine Martin via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker Stefan Kanthak via Fulldisclosure
  • [FD] Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker Stefan Kanthak via Fulldisclosure
• [FD] libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument Ron E
• [FD] Current Password not Required When Changing Password - flatpressv1.4.1 Andrey Stoykov
• [FD] [CFP] Burning River Cyber Con '25 - Cleveland, OH Burning River Cyber Con via Fulldisclosure
• [FD] libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation Ron E
• [FD] SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare) SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] libheif v1.21.0 Null Pointer Dereference in std::vector<unsigned>::empty Ron E
• [FD] DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode) Ron E
• [FD] FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation Ron E
• [FD] Asterisk Security Release 20.15.2 Asterisk Development Team via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-12 Xcode 26 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-11 Safari 26 Apple Product Security via Fulldisclosure

• Earlier messages