Mail Index

• Thread Index

• [FD] [KIS-2026-01] Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities
  • From: Egidio Romano
• [FD] CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series
  • From: Thomas Weber | CyberDanube via Fulldisclosure
• [FD] SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-20.7-cert9
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 20.18.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 22.8.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 21.12.1
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 23.2.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal
  • From: Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function
  • From: Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection
  • From: Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection
  • From: Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection
  • From: Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel
  • From: Christian Zäske via Fulldisclosure
• [FD] Firedancer Solana Validator - QUIC Transport Parameter UB and Consensus-Splitting Cast Bug
  • From: Agent Spooky's Fun Parade via Fulldisclosure
• [FD] 🚨 Public Disclosure: Remote BitLocker Bypass via Intel AMT — SYSTEM Access Without Login
  • From: Darsh Naik
• [FD] Blind XXE in Electronic Invoice online tools (validator.invoice-portal.de, xrechnung.rib.de)
  • From: Hanno Böck
• [FD] APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-3 macOS Tahoe 26.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-6 tvOS 26.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-7 watchOS 26.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-8 visionOS 26.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-9 Safari 26.3
  • From: Apple Product Security via Fulldisclosure
• [FD] [Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0
  • From: privexploits via Fulldisclosure
• [FD] SEC Consult SA-20260212-0 :: Multiple Vulnerabilities in various Solax Power Pocket WiFi models
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] [KIS-2026-04] SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability
  • From: Egidio Romano
• [FD] SEC Consult SA-20260218-0 :: Multiple Critical Vulnerabilities in NesterSoft WorkTime (on-prem/cloud)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure