Mail Index

• Thread Index

• [FD] bmcweb (OpenBMC web server): four vulnerabilities — two unfixed, GHSA without a CVE
  • From: binreaper via Fulldisclosure
• [FD] CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series
  • From: Thomas Weber | CyberDanube via Fulldisclosure
• [FD] [REVIVE-SA-2026-002] Revive Adserver Vulnerabilities
  • From: Matteo Beccati
• [FD] [SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping
  • From: Moritz Bechler via Fulldisclosure
• [FD] SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] [KIS-2026-09] Discuz! X5.0 (UC_KEY) Cross-Context Token Reuse Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2026-10] Discuz! <= X5.0 OCR-based CAPTCHA Bypass Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2026-11] Discuz! <= X5.0 (enable_disable.php) Local File Inclusion Vulnerability
  • From: Egidio Romano
• [FD] SEC Consult SA-20260609-0 :: Multiple Local Privilege Escalation Vulnerabilities in Waves Audio - Waves Central
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260610-0 :: Local Privilege Escalation in Slate Digital Connect (macOS)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260615-1 :: Multiple Vulnerabilities in Wertheim SafeController Hardware for VAULT ROOMS (Safe Deposit Locker System – Microcontroller)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure
  • From: Alessandro Bertoldi BCS via Fulldisclosure
• [FD] PHP 8.5.7 `FILTER_SANITIZE_ENCODED` uninitialized read
  • From: Khashayar Fereidani
• [FD] PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow
  • From: Khashayar Fereidani
• [FD] PHP 8.5.7 `dom_xml_serialization_algorithm()` stack-overflow
  • From: Khashayar Fereidani
• [FD] PHP 8.5.7 `levenshtein()` signed-integer overflow
  • From: Khashayar Fereidani
• [FD] APPLE-SA-06-16-2026-1 Beats Firmware Update 1B211
  • From: Apple Product Security via Fulldisclosure
• [FD] SEC Consult SA-20260616-0 :: Broken Access Control in syracom AG Secure Login (2FA) for Atlassian Jira / Confluence / Bitbucket #CVE-2026-12225
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260617-0 :: Multiple Critical Vulnerabilities in Sprecher Automation SPRECON-E-C/-E-P/-E-T3
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260617-1 :: Multiple Vulnerabilities in Quanos Content Solutions - SCHEMA ST4
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260618-0 :: Hardcoded Root Cloud Credentials in Application Binaries in Silver Leaf Technologies - Worksnaps.net Worksnaps
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] OpenBSD sppp_pap_input: PAP authentication bypass
  • From: shj
• [FD] OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read
  • From: shj