Mail Thread Index

• Date Index

---

• [FD] bmcweb (OpenBMC web server): four vulnerabilities — two unfixed, GHSA without a CVE, binreaper via Fulldisclosure
• [FD] CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series, Thomas Weber | CyberDanube via Fulldisclosure
• [FD] [REVIVE-SA-2026-002] Revive Adserver Vulnerabilities, Matteo Beccati
• [FD] [SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping, Moritz Bechler via Fulldisclosure
• [FD] SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products, SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] [KIS-2026-09] Discuz! X5.0 (UC_KEY) Cross-Context Token Reuse Vulnerability, Egidio Romano
• [FD] [KIS-2026-10] Discuz! <= X5.0 OCR-based CAPTCHA Bypass Vulnerability, Egidio Romano
• [FD] [KIS-2026-11] Discuz! <= X5.0 (enable_disable.php) Local File Inclusion Vulnerability, Egidio Romano
• [FD] SEC Consult SA-20260609-0 :: Multiple Local Privilege Escalation Vulnerabilities in Waves Audio - Waves Central, SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260610-0 :: Local Privilege Escalation in Slate Digital Connect (macOS), SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260615-1 :: Multiple Vulnerabilities in Wertheim SafeController Hardware for VAULT ROOMS (Safe Deposit Locker System – Microcontroller), SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure, Alessandro Bertoldi BCS via Fulldisclosure
• [FD] PHP 8.5.7 `FILTER_SANITIZE_ENCODED` uninitialized read, Khashayar Fereidani
• [FD] PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow, Khashayar Fereidani
• [FD] PHP 8.5.7 `dom_xml_serialization_algorithm()` stack-overflow, Khashayar Fereidani
• [FD] PHP 8.5.7 `levenshtein()` signed-integer overflow, Khashayar Fereidani
• [FD] APPLE-SA-06-16-2026-1 Beats Firmware Update 1B211, Apple Product Security via Fulldisclosure
• [FD] SEC Consult SA-20260616-0 :: Broken Access Control in syracom AG Secure Login (2FA) for Atlassian Jira / Confluence / Bitbucket #CVE-2026-12225, SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260617-0 :: Multiple Critical Vulnerabilities in Sprecher Automation SPRECON-E-C/-E-P/-E-T3, SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260617-1 :: Multiple Vulnerabilities in Quanos Content Solutions - SCHEMA ST4, SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20260618-0 :: Hardcoded Root Cloud Credentials in Application Binaries in Silver Leaf Technologies - Worksnaps.net Worksnaps, SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] OpenBSD sppp_pap_input: PAP authentication bypass, shj
• [FD] OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read, shj

---

Mail converted by MHonArc