Mail Index
- [FD] APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1
- From: Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1
- From: Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1
- From: Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1
- From: Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1
- From: Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-29-2025-6 visionOS 26.0.1
- From: Apple Product Security via Fulldisclosure
- [FD] libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width
- [FD] Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
- [FD] Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
- Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
- From: josephgoyd via Fulldisclosure
- Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
- From: josephgoyd via Fulldisclosure
- Re: [FD] Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11
- From: Stefan Kanthak via Fulldisclosure
- Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
- Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
- From: josephgoyd via Fulldisclosure
- [FD] CVE-2025-59397 - Open Web Analytics SQL Injection
- From: Seralys Research Team via Fulldisclosure
- [FD] [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
- From: SBA Research Security Advisory via Fulldisclosure
- [FD] [SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
- From: SBA Research Security Advisory via Fulldisclosure
- [FD] Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
- From: Christopher Dickinson via Fulldisclosure
- Re: [FD] Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
- [FD] Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
- [FD] apis.google.com - Insecure redirect via __lu parameter (exploited in the wild)
- From: Patrick via Fulldisclosure
- [FD] CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
- From: Thomas Weber | CyberDanube via Fulldisclosure
- [FD] BSidesSF 2026 CFP still open until October 28th
- From: BSidesSF CFP via Fulldisclosure
- [FD] Malvuln - MISP compatible malware vulnerability intelligence feed now live
- [FD] [SYSS-2025-015]: Verbatim Keypad Secure (security update v1.0.0.6) - Offline brute-force attack
- From: Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2025-016]: Verbatim Store 'n' Go Secure Portable SSD (security update v1.0.0.6) - Offline brute-force attack
- From: Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2025-017]: Verbatim Store 'n' Go Secure Portable HDD (security update v1.0.0.6) - Offline brute-force attack
- From: Matthias Deeg via Fulldisclosure
- [FD] SEC Consult SA-20251021-0 :: Multiple Vulnerabilities in EfficientLab WorkExaminer Professional (CVE-2025-10639, CVE-2025-10640, CVE-2025-10641)
- From: SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] [REVIVE-SA-2025-001] Revive Adserver Vulnerability
- [FD] [REVIVE-SA-2025-002] Revive Adserver Vulnerability
- [FD] Struts2 and Related Framework Array/Collection DoS
- From: Daniel Owens via Fulldisclosure
- Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
- [FD] Current Password not Required When Changing Password - totaljsv5013
- [FD] Stored Cross-Site Scripting (XSS) - Layout Functionality - totaljsv5013
- [FD] Stored HTML Injection - Layout Functionality - totaljsv5013
- [FD] SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055
- From: SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] Dovecot CVE-2025-30189: Auth cache causes access to wrong account
- From: Aki Tuomi via Fulldisclosure
- Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
- Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
- From: josephgoyd via Fulldisclosure
- [FD] SEC Consult SA-20251029-0 :: Unprotected NFC card manipulation leading to free top-up in GiroWeb Cashless Catering Solutions (only legacy customer infrastructure)
- From: SEC Consult Vulnerability Lab via Fulldisclosure