fulldisclosure

[FD] CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000

Tue, 14 Apr 2026 17:12:19 GMT

2026/04/14 -- Thomas Weber | CyberDanube via Fulldisclosure

[FD] CyberDanube Security Research 20260408-0 | Remote Operation Denial of Service in Siemens SICAM A8000

Tue, 14 Apr 2026 17:10:22 GMT

2026/04/14 -- Thomas Weber | CyberDanube via Fulldisclosure

[FD] SEC Consult SA-20260414-0 :: Improper Enforcement of Locked Accounts in WebUI (SSO) in Kiuwan SAST on-premise (KOP) & cloud/SaaS

Tue, 14 Apr 2026 17:08:02 GMT

2026/04/14 -- SEC Consult Vulnerability Lab via Fulldisclosure

[FD] SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

Fri, 03 Apr 2026 03:59:16 GMT

2026/04/03 -- SEC Consult Vulnerability Lab via Fulldisclosure

[FD] Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility

Fri, 03 Apr 2026 03:57:21 GMT

2026/04/03 -- Joseph Goydish II via Fulldisclosure

[FD] [KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability

Fri, 03 Apr 2026 03:55:29 GMT

2026/04/03 -- Egidio Romano

[FD] [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability

Fri, 03 Apr 2026 03:53:27 GMT

2026/04/03 -- cyber security

[FD] APPLE-SA-03-24-2026-10 Xcode 26.4

Sun, 29 Mar 2026 03:33:07 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-9 Safari 26.4

Sun, 29 Mar 2026 03:31:29 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-8 visionOS 26.4

Sun, 29 Mar 2026 03:29:57 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-7 watchOS 26.4

Sun, 29 Mar 2026 03:28:21 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-6 tvOS 26.4

Sun, 29 Mar 2026 03:26:33 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5

Sun, 29 Mar 2026 03:25:00 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5

Sun, 29 Mar 2026 03:23:28 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-3 macOS Tahoe 26.4

Sun, 29 Mar 2026 03:21:48 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7

Sun, 29 Mar 2026 03:20:12 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4

Sun, 29 Mar 2026 03:18:34 GMT

2026/03/29 -- Apple Product Security via Fulldisclosure

[FD] [KIS-2026-05] MailEnable <= 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities

Sun, 29 Mar 2026 03:16:56 GMT

2026/03/29 -- Egidio Romano

[FD] Dovecot Security Advisory OXDC-2026-0001

Sun, 29 Mar 2026 03:12:07 GMT

2026/03/29 -- Aki Tuomi

[FD] CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref)

Sun, 29 Mar 2026 03:09:50 GMT

2026/03/29 -- Abhinav Agarwal

[FD] snap-confine + systemd-tmpfiles = root (CVE-2026-3888)

Thu, 19 Mar 2026 14:39:06 GMT

2026/03/19 -- Qualys Security Advisory via Fulldisclosure

[FD] APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2

Thu, 19 Mar 2026 14:37:13 GMT

2026/03/19 -- Apple Product Security via Fulldisclosure

[FD] SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS

Thu, 19 Mar 2026 14:34:29 GMT

2026/03/19 -- SEC Consult Vulnerability Lab via Fulldisclosure

[FD] UPDATE: Ant Group Censors 4 Security Research Articles After Initial Complaint Rejection

Tue, 17 Mar 2026 05:02:05 GMT

2026/03/17 -- Jiqiang Feng via Fulldisclosure

[FD] Defense in depth -- the Microsoft way (part 96): yet another SAFER (SRPv1) and AppLocker (SRPv2) loophole

Thu, 12 Mar 2026 22:08:27 GMT

2026/03/12 -- Stefan Kanthak via Fulldisclosure

[FD] Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)

Thu, 12 Mar 2026 22:06:48 GMT

2026/03/12 -- Feng Ning via Fulldisclosure

[FD] Cohesity TranZman Migration Appliance - 5 CVEs (command injection, LPE, unsigned patches, weak crypto)

Thu, 12 Mar 2026 22:05:02 GMT

2026/03/12 -- GregD via Fulldisclosure

[FD] APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7

Thu, 12 Mar 2026 22:03:11 GMT

2026/03/12 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-03-11-2026-1 iOS 16.7.15 and iPadOS 16.7.15

Thu, 12 Mar 2026 22:01:15 GMT

2026/03/12 -- Apple Product Security via Fulldisclosure

[FD] [KIS-2026-04] SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability

Sun, 22 Feb 2026 18:06:04 GMT

2026/02/22 -- Egidio Romano

[FD] SEC Consult SA-20260212-0 :: Multiple Vulnerabilities in various Solax Power Pocket WiFi models

Mon, 16 Feb 2026 22:36:32 GMT

2026/02/16 -- SEC Consult Vulnerability Lab via Fulldisclosure

[FD] [Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0

Mon, 16 Feb 2026 22:32:08 GMT

2026/02/16 -- privexploits via Fulldisclosure

[FD] APPLE-SA-02-11-2026-9 Safari 26.3

Mon, 16 Feb 2026 22:24:16 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-8 visionOS 26.3

Mon, 16 Feb 2026 22:19:39 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-7 watchOS 26.3

Mon, 16 Feb 2026 22:15:20 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-6 tvOS 26.3

Mon, 16 Feb 2026 22:11:00 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4

Mon, 16 Feb 2026 22:06:38 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4

Mon, 16 Feb 2026 22:02:16 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-3 macOS Tahoe 26.3

Mon, 16 Feb 2026 21:58:03 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5

Mon, 16 Feb 2026 21:53:18 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3

Mon, 16 Feb 2026 21:48:27 GMT

2026/02/16 -- Apple Product Security via Fulldisclosure

[FD] Blind XXE in Electronic Invoice online tools (validator.invoice-portal.de, xrechnung.rib.de)

Mon, 16 Feb 2026 21:43:37 GMT

2026/02/16 -- Hanno Böck

[FD] 🚨 Public Disclosure: Remote BitLocker Bypass via Intel AMT — SYSTEM Access Without Login

Mon, 16 Feb 2026 21:38:37 GMT

2026/02/16 -- Darsh Naik

[FD] Firedancer Solana Validator - QUIC Transport Parameter UB and Consensus-Splitting Cast Bug

Mon, 16 Feb 2026 21:33:52 GMT

2026/02/16 -- Agent Spooky's Fun Parade via Fulldisclosure

[FD] [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel

Mon, 16 Feb 2026 21:26:51 GMT

2026/02/16 -- Christian Zäske via Fulldisclosure

[FD] [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection

Mon, 16 Feb 2026 21:21:59 GMT

2026/02/16 -- Christian Zäske via Fulldisclosure

[FD] [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection

Mon, 16 Feb 2026 21:17:16 GMT

2026/02/16 -- Christian Zäske via Fulldisclosure

[FD] [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection

Mon, 16 Feb 2026 21:12:34 GMT

2026/02/16 -- Christian Zäske via Fulldisclosure

[FD] [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function

Mon, 16 Feb 2026 21:07:33 GMT

2026/02/16 -- Christian Zäske via Fulldisclosure

[FD] [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal

Mon, 16 Feb 2026 21:02:18 GMT

2026/02/16 -- Christian Zäske via Fulldisclosure

[FD] Asterisk Security Release 23.2.2

Sun, 08 Feb 2026 04:36:17 GMT

2026/02/08 -- Asterisk Development Team via Fulldisclosure

[FD] Asterisk Security Release 21.12.1

Sun, 08 Feb 2026 04:31:49 GMT

2026/02/08 -- Asterisk Development Team via Fulldisclosure

[FD] Asterisk Security Release 22.8.2

Sun, 08 Feb 2026 04:27:25 GMT

2026/02/08 -- Asterisk Development Team via Fulldisclosure

[FD] Asterisk Security Release 20.18.2

Sun, 08 Feb 2026 04:22:42 GMT

2026/02/08 -- Asterisk Development Team via Fulldisclosure

[FD] Certified Asterisk Security Release certified-20.7-cert9

Sun, 08 Feb 2026 04:17:26 GMT

2026/02/08 -- Asterisk Development Team via Fulldisclosure

[FD] SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)

Thu, 05 Feb 2026 05:11:44 GMT

2026/02/05 -- SEC Consult Vulnerability Lab via Fulldisclosure

[FD] CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series

Thu, 05 Feb 2026 05:07:14 GMT

2026/02/05 -- Thomas Weber | CyberDanube via Fulldisclosure

[FD] [KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities

Thu, 05 Feb 2026 05:02:53 GMT

2026/02/05 -- Egidio Romano

[FD] [KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities

Thu, 05 Feb 2026 04:58:01 GMT

2026/02/05 -- Egidio Romano

[FD] [KIS-2026-01] Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability

Thu, 05 Feb 2026 04:52:41 GMT

2026/02/05 -- Egidio Romano

[FD] Username Enumeration - elggv6.3.3

Thu, 29 Jan 2026 21:47:00 GMT

2026/01/29 -- Andrey Stoykov

[FD] Weak Password Complexity - elggv6.3.3

Thu, 29 Jan 2026 21:42:23 GMT

2026/01/29 -- Andrey Stoykov

[FD] Paper-Exploiting XAMPP Installations

Thu, 29 Jan 2026 21:37:27 GMT

2026/01/29 -- Andrey Stoykov

[FD] CVE-2025-12758: Unicode Variation Selectors Bypass in 'validator' library (isLength)

Thu, 29 Jan 2026 21:32:23 GMT

2026/01/29 -- Karol Wrótniak

Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Tue, 27 Jan 2026 04:55:27 GMT

2026/01/27 -- Yuffie Kisaragi via Fulldisclosure

Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Tue, 27 Jan 2026 04:48:41 GMT

2026/01/27 -- Marco Ermini via Fulldisclosure

[FD] SEC Consult SA-20260126-2 :: UART Leaking Sensitive Data in dormakaba registration unit 9002 (PIN pad)

Tue, 27 Jan 2026 04:42:04 GMT

2026/01/27 -- SEC Consult Vulnerability Lab via Fulldisclosure

[FD] SEC Consult SA-20260126-1 :: Multiple Critical Vulnerabilities in dormakaba Access Manager

Tue, 27 Jan 2026 04:37:24 GMT

2026/01/27 -- SEC Consult Vulnerability Lab via Fulldisclosure

[FD] SEC Consult SA-20260126-0 :: Multiple Critical Vulnerabilities in dormakaba Kaba exos 9300

Tue, 27 Jan 2026 04:32:02 GMT

2026/01/27 -- SEC Consult Vulnerability Lab via Fulldisclosure

Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Wed, 21 Jan 2026 20:35:37 GMT

2026/01/21 -- Wade Sparks

[FD] [REVIVE-SA-2026-001] Revive Adserver Vulnerabilities

Thu, 15 Jan 2026 11:11:46 GMT

2026/01/15 -- Matteo Beccati

[FD] Defense in depth -- the Microsoft way (part 95): the (shared) "Start Menu" is dispensable

Sun, 11 Jan 2026 04:49:17 GMT

2026/01/11 -- Stefan Kanthak via Fulldisclosure

Re: [FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Sun, 11 Jan 2026 04:44:43 GMT

2026/01/11 -- Art Manion via Fulldisclosure

[FD] RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser

Sun, 11 Jan 2026 04:40:20 GMT

2026/01/11 -- Ron E

[FD] RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction

Sun, 11 Jan 2026 04:35:41 GMT

2026/01/11 -- Ron E

[FD] TinyOS 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio

Sun, 11 Jan 2026 04:30:46 GMT

2026/01/11 -- Ron E

[FD] TinyOS 2.1.2 printfUART Global Buffer Overflow via Unbounded Format Expansion

Sun, 11 Jan 2026 04:25:34 GMT

2026/01/11 -- Ron E

[FD] KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Thu, 08 Jan 2026 21:05:22 GMT

2026/01/08 -- KoreLogic Disclosures via Fulldisclosure

[FD] Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Tue, 06 Jan 2026 07:52:16 GMT

2026/01/06 -- Yuffie Kisaragi via Fulldisclosure

[FD] Panda3d v1.10.16 Uncontrolled Format String in Panda3D egg-mkfont Allows Stack Memory Disclosure

Tue, 06 Jan 2026 07:47:47 GMT

2026/01/06 -- Ron E

[FD] Panda3d v1.10.16 egg-mkfont Stack Buffer Overflow

Tue, 06 Jan 2026 07:43:22 GMT

2026/01/06 -- Ron E

[FD] Panda3d v1.10.16 deploy-stub Unbounded Stack Allocation Leading to Uninitialized Memory

Tue, 06 Jan 2026 07:39:00 GMT

2026/01/06 -- Ron E

[FD] MongoDB v8.3.0 Integer Underflow in LMDB mdb_load

Tue, 06 Jan 2026 07:34:31 GMT

2026/01/06 -- Ron E

[FD] Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files

Tue, 06 Jan 2026 07:30:03 GMT

2026/01/06 -- Ron E

[FD] Bioformats v8.3.0 Improper Restriction of XML External Entity Reference in Bio-Formats Leica Microsystems XML Parser

Tue, 06 Jan 2026 07:25:37 GMT

2026/01/06 -- Ron E

[FD] MongoDB v8.3.0 Heap Buffer Underflow in OpenLDAP LMDB mdb_load

Tue, 06 Jan 2026 07:21:16 GMT

2026/01/06 -- Ron E

[FD] zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name

Tue, 06 Jan 2026 07:16:27 GMT

2026/01/06 -- Ron E

[FD] SigInt-Hombre v1 / dynamic Suricata detection rules from real-time threat feeds

Tue, 06 Jan 2026 07:11:42 GMT

2026/01/06 -- malvuln

[FD] Security Vulnerability in Koller Secret: Real Hidden App (com.koller.secret.hidemyphoto)

Tue, 06 Jan 2026 07:06:31 GMT

2026/01/06 -- duykham

[FD] [KIS-2025-14] PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability

Sun, 28 Dec 2025 05:49:14 GMT

2025/12/28 -- Egidio Romano

[FD] [KIS-2025-13] PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability

Sun, 28 Dec 2025 05:44:45 GMT

2025/12/28 -- Egidio Romano

[FD] [KIS-2025-12] PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability

Sun, 28 Dec 2025 05:40:13 GMT

2025/12/28 -- Egidio Romano

[FD] [KIS-2025-11] Open Journal Systems <= 3.5.0-1 (NativeXmlIssueGalleyFilter.php) Path Traversal Vulnerability

Sun, 28 Dec 2025 05:35:42 GMT

2025/12/28 -- Egidio Romano

[FD] [KIS-2025-10] PKP-WAL <= 3.5.0-1 (Institution Collector) SQL Injection Vulnerability

Sun, 28 Dec 2025 05:31:09 GMT

2025/12/28 -- Egidio Romano

[FD] Backdoor.Win32.Poison.jh / Insecure Permissions

Sun, 28 Dec 2025 05:26:14 GMT

2025/12/28 -- malvuln

[FD] Backdoor.Win32.Netbus.170 / Insecure Credential Storage / MVID-2025-0703

Sun, 28 Dec 2025 05:21:03 GMT

2025/12/28 -- malvuln

[FD] Defense in depth -- the Microsoft way (part 94): SAFER (SRPv1 and AppLocker alias SRPv2) bypass for dummies

Tue, 23 Dec 2025 00:58:12 GMT

2025/12/23 -- Stefan Kanthak via Fulldisclosure

[FD] Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702

Tue, 23 Dec 2025 00:53:23 GMT

2025/12/23 -- malvuln

[FD] HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701

Tue, 23 Dec 2025 00:47:34 GMT

2025/12/23 -- malvuln

[FD] CyberDanube Security Research 20251215-0 | Multiple Vulnerabilities in Phoenix Contact FL Switch Series

Thu, 18 Dec 2025 07:07:29 GMT

2025/12/18 -- Thomas Weber | CyberDanube via Fulldisclosure