Mail Index

• Thread Index

• [FD] iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5)
  • From: josephgoyd via Fulldisclosure
• [FD] Session Fixation - bluditv3.16.2
  • From: Andrey Stoykov
• [FD] Stored XSS "Add New Content" Functionality - bluditv3.16.2
  • From: Andrey Stoykov
• [FD] XSS via SVG File Uploa - bluditv3.16.2
  • From: Andrey Stoykov
• [FD] Directory Traversal "Site Title" - bluditv3.16.2
  • From: Andrey Stoykov
• [FD] eSIM security research (GSMA eUICC compromise and certificate theft)
  • From: Security Explorations
• [FD] KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities
  • From: Egidio Romano
• [FD] SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function
  • From: Office nullFaktor GmbH
• [FD] Missing Critical Security Headers in OpenBlow
  • From: Tifa Lockhart via Fulldisclosure
• [FD] Multiple vulnerabilities in the web management interface of Intelbras routers
  • From: Gabriel Augusto Vaz de Lima via Fulldisclosure
• [FD] KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361)
  • From: Marcus Krueppel
• [FD] [KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
  • From: Egidio Romano
• [FD] Stored XSS "Edit Header" Functionality - seotoasterv2.5.0
  • From: Andrey Stoykov
• [FD] Open Redirect "Login Page" Functionality - seotoasterv2.5.0
  • From: Andrey Stoykov
• [FD] Stored XSS "Create Page" Functionality - seotoasterv2.5.0
  • From: Andrey Stoykov
• [FD] Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0
  • From: Andrey Stoykov
• Re: [FD] Multiple vulnerabilities in the web management interface of Intelbras routers
  • From: Palula Brasil
• [FD] Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability
  • From: Egidio Romano
• [FD] CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL)
  • From: Sanjay Singh
• [FD] Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability
  • From: Egidio Romano
• [FD] APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-2 iPadOS 17.7.9
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-3 macOS Sequoia 15.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-6 watchOS 11.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-7 tvOS 18.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-8 visionOS 2.6
  • From: Apple Product Security via Fulldisclosure
• [FD] St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini
  • From: Thomas Weber | CyberDanube via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission
  • From: Stefan Kanthak via Fulldisclosure