Mail Index

• Thread Index

• [FD] Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing
  • From: hyp3rlinx
• [FD] BeyondTrust PRA connection takeover - CVE-2025-0217
  • From: Paul Szabo via Fulldisclosure
• [FD] ArcGIS Hidden Functionality Allows Insecure OAuth 2.0 Based Authentication - CVE-2025-0020 VSL-2025-21
  • From: CVE - VULSec Labs via Fulldisclosure
• [FD] secuvera-SA-2025-01: Privilege Escalation in Automic Automation Agent Unix
  • From: Flo Schäfer via Fulldisclosure
• [FD] [KIS-2025-02] Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability
  • From: Egidio Romano
• [FD] APPLE-SA-05-12-2025-1 iOS 18.5 and iPadOS 18.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-2 iPadOS 17.7.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-3 macOS Sequoia 15.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-6 watchOS 11.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-7 tvOS 18.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-8 visionOS 2.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-9 Safari 18.5
  • From: Apple Product Security via Fulldisclosure
• [FD] Persistent Cross-Site Scripting in Economizzer Cashbook Entry
  • From: Ron E
• [FD] Persistent Cross-Site Scripting in Economizzer Category Entry
  • From: Ron E
• [FD] Session Invalidation in Economizzer Allows Unauthorized Access After Logout
  • From: Ron E
• [FD] SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay
  • From: Sebastian Auwärter via Fulldisclosure
• [FD] Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086
  • From: Shaikh Shahnawaz
• [FD] Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework
  • From: Ron E
• [FD] SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations
  • From: SEC Consult Vulnerability Lab via Fulldisclosure