Mail Thread Index

• Date Index

• [FD] [KIS-2026-01] Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability, Egidio Romano
• [FD] [KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities, Egidio Romano
• [FD] [KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities, Egidio Romano
• [FD] CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series, Thomas Weber | CyberDanube via Fulldisclosure
• [FD] SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS), SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-20.7-cert9, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 20.18.2, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 22.8.2, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 21.12.1, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 23.2.2, Asterisk Development Team via Fulldisclosure
• [FD] [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal, Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function, Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection, Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection, Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection, Christian Zäske via Fulldisclosure
• [FD] [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel, Christian Zäske via Fulldisclosure
• [FD] Firedancer Solana Validator - QUIC Transport Parameter UB and Consensus-Splitting Cast Bug, Agent Spooky's Fun Parade via Fulldisclosure
• [FD] 🚨 Public Disclosure: Remote BitLocker Bypass via Intel AMT — SYSTEM Access Without Login, Darsh Naik
• [FD] Blind XXE in Electronic Invoice online tools (validator.invoice-portal.de, xrechnung.rib.de), Hanno Böck
• [FD] APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-3 macOS Tahoe 26.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-6 tvOS 26.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-7 watchOS 26.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-8 visionOS 26.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-02-11-2026-9 Safari 26.3, Apple Product Security via Fulldisclosure
• [FD] [Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0, privexploits via Fulldisclosure
• [FD] SEC Consult SA-20260212-0 :: Multiple Vulnerabilities in various Solax Power Pocket WiFi models, SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] [KIS-2026-04] SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability, Egidio Romano
• [FD] SEC Consult SA-20260218-0 :: Multiple Critical Vulnerabilities in NesterSoft WorkTime (on-prem/cloud), SEC Consult Vulnerability Lab via Fulldisclosure