fulldisclosure  

Messages by Date

• 2025/07/11 [FD] SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function Office nullFaktor GmbH
• 2025/07/09 [FD] Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities Egidio Romano
• 2025/07/09 [FD] KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery KoreLogic Disclosures via Fulldisclosure
• 2025/07/09 [FD] KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation KoreLogic Disclosures via Fulldisclosure
• 2025/07/09 [FD] KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution KoreLogic Disclosures via Fulldisclosure
• 2025/07/09 [FD] KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery KoreLogic Disclosures via Fulldisclosure
• 2025/07/09 [FD] KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure
• 2025/07/09 [FD] KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection KoreLogic Disclosures via Fulldisclosure
• 2025/07/09 [FD] eSIM security research (GSMA eUICC compromise and certificate theft) Security Explorations
• 2025/07/07 [FD] Directory Traversal "Site Title" - bluditv3.16.2 Andrey Stoykov
• 2025/07/07 [FD] XSS via SVG File Uploa - bluditv3.16.2 Andrey Stoykov
• 2025/07/07 [FD] Stored XSS "Add New Content" Functionality - bluditv3.16.2 Andrey Stoykov
• 2025/07/07 [FD] Session Fixation - bluditv3.16.2 Andrey Stoykov
• 2025/06/25 [FD] Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag Brian Carpenter via Fulldisclosure
• 2025/06/25 [FD] CVE-2025-32975 - Quest KACE SMA Authentication Bypass Seralys Research Team via Fulldisclosure
• 2025/06/24 [FD] CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload Seralys Research Team via Fulldisclosure
• 2025/06/24 [FD] RansomLord (NG v1.0) anti-ransomware exploit tool malvuln
• 2025/06/23 [FD] CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement Seralys Research Team via Fulldisclosure
• 2025/06/23 [FD] CVE-2025-32976 - Quest KACE SMA 2FA Bypass Seralys Research Team via Fulldisclosure
• 2025/06/23 [FD] Disclosure Yealink Cloud vulnerabilities Jeroen Hermans via Fulldisclosure
• 2025/06/17 [FD] SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem SEC Consult Vulnerability Lab via Fulldisclosure
• 2025/06/09 [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure
• 2025/06/03 [FD] Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection Stefan Kanthak
• 2025/06/03 [FD] CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 Sanjay Singh
• 2025/06/03 [FD] ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page Ron E
• 2025/06/03 [FD] ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path Ron E
• 2025/06/03 [FD] Local information disclosure in apport and systemd-coredump Qualys Security Advisory via Fulldisclosure
• 2025/06/03 [FD] Stored XSS via File Upload - adaptcmsv3.0.3 Andrey Stoykov
• 2025/06/03 [FD] IDOR "Change Password" Functionality - adaptcmsv3.0.3 Andrey Stoykov
• 2025/06/03 [FD] Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Andrey Stoykov
• 2025/06/03 [FD] Authenticated File Upload to RCE - adaptcmsv3.0.3 Andrey Stoykov
• 2025/06/03 [FD] Stored XSS in "Description" Functionality - cubecartv6.5.9 Andrey Stoykov
• 2025/06/03 [FD] Multiple Vulnerabilities in SAP GuiXT Scripting Michał Majchrowicz via Fulldisclosure
• 2025/06/03 [FD] CVE-2024-47081: Netrc credential leak in PSF requests library Juho Forsén via Fulldisclosure
• 2025/06/03 [FD] Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) Housma mardini
• 2025/06/03 [FD] Youpot honeypot Jacek Lipkowski via Fulldisclosure
• 2025/05/27 [FD] SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations SEC Consult Vulnerability Lab via Fulldisclosure
• 2025/05/27 [FD] Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework Ron E
• 2025/05/16 [FD] SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection SEC Consult Vulnerability Lab via Fulldisclosure
• 2025/05/16 [FD] Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086 Shaikh Shahnawaz
• 2025/05/16 [FD] CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay Sebastian Auwärter via Fulldisclosure
• 2025/05/16 [FD] SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking SEC Consult Vulnerability Lab via Fulldisclosure
• 2025/05/16 [FD] SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more SEC Consult Vulnerability Lab via Fulldisclosure
• 2025/05/16 [FD] Session Invalidation in Economizzer Allows Unauthorized Access After Logout Ron E
• 2025/05/16 [FD] Persistent Cross-Site Scripting in Economizzer Category Entry Ron E
• 2025/05/16 [FD] Persistent Cross-Site Scripting in Economizzer Cashbook Entry Ron E
• 2025/05/16 [FD] APPLE-SA-05-12-2025-9 Safari 18.5 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-8 visionOS 2.5 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-7 tvOS 18.5 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-6 watchOS 11.5 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-3 macOS Sequoia 15.5 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-2 iPadOS 17.7.7 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] APPLE-SA-05-12-2025-1 iOS 18.5 and iPadOS 18.5 Apple Product Security via Fulldisclosure
• 2025/05/16 [FD] [KIS-2025-02] Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability Egidio Romano
• 2025/05/16 [FD] secuvera-SA-2025-01: Privilege Escalation in Automic Automation Agent Unix Flo Schäfer via Fulldisclosure
• 2025/05/06 [FD] BeyondTrust PRA connection takeover - CVE-2025-0217 Paul Szabo via Fulldisclosure
• 2025/05/01 [FD] Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing hyp3rlinx
• 2025/04/26 [FD] [IWCC 2025] CfP: 14th International Workshop on Cyber Crime - Ghent, Belgium, Aug 11-14, 2025 Artur Janicki via Fulldisclosure
• 2025/04/26 [FD] Inedo ProGet Insecure Reflection and CSRF Vulnerabilities Daniel Owens via Fulldisclosure
• 2025/04/26 [FD] Microsoft ".library-ms" File / NTLM Information Disclosure (Resurrected 2025) hyp3rlinx
• 2025/04/26 [FD] Ruby on Rails Cross-Site Request Forgery Daniel Owens via Fulldisclosure
• 2025/04/23 [FD] HNS-2025-10 - HN Security Advisory - Local privilege escalation in Zyxel uOS Marco Ivaldi
• 2025/04/23 [FD] APPLE-SA-04-16-2025-4 visionOS 2.4.1 Apple Product Security via Fulldisclosure
• 2025/04/23 [FD] APPLE-SA-04-16-2025-3 tvOS 18.4.1 Apple Product Security via Fulldisclosure
• 2025/04/23 [FD] APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 Apple Product Security via Fulldisclosure
• 2025/04/23 [FD] APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1 Apple Product Security via Fulldisclosure
• 2025/04/23 [FD] Stored XSS in "Message" Functionality - AlegroCartv1.2.9 Andrey Stoykov
• 2025/04/23 [FD] Business Logic Flaw: Price Manipulation - AlegroCartv1.2.9 Andrey Stoykov
• 2025/04/23 [FD] XSS via SVG Image Upload - AlegroCartv1.2.9 Andrey Stoykov
• 2025/04/23 [FD] BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution Housma mardini
• 2025/04/13 [FD] [CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x) Rafael Pedrero
• 2025/04/13 [FD] [KIS-2025-01] UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability Egidio Romano
• 2025/04/13 Re: [FD] APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2 Nick Boyce
• 2025/04/13 [FD] OXAS-ADV-2025-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
• 2025/04/03 [FD] 10 vulnerabilities in Brocade Fibre Channel switches Pierre Kim
• 2025/04/02 [FD] APPLE-SA-04-01-2025-1 watchOS 11.4 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-11 visionOS 2.4 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-4 iPadOS 17.7.6 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-10 tvOS 18.4 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-3 iOS 18.4 and iPadOS 18.4 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-2 Xcode 16.3 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] APPLE-SA-03-31-2025-1 Safari 18.4 Apple Product Security via Fulldisclosure
• 2025/04/02 [FD] 3 vulnerabilities in Palo Alto Deep Packet Inspection mechanism Pierre Kim
• 2025/03/27 [FD] Three bypasses of Ubuntu's unprivileged user namespace restrictions Qualys Security Advisory via Fulldisclosure
• 2025/03/24 [FD] SQL Injection in Admin Functionality - dolphin.prov7.4.2 Andrey Stoykov
• 2025/03/24 [FD] Stored XSS via Send Message Functionality - dolphin.prov7.4.2 Andrey Stoykov
• 2025/03/20 [FD] APPLE-SA-03-11-2025-4 visionOS 2.3.2 Apple Product Security via Fulldisclosure
• 2025/03/20 [FD] APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2 Apple Product Security via Fulldisclosure
• 2025/03/20 [FD] APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2 Apple Product Security via Fulldisclosure
• 2025/03/20 [FD] APPLE-SA-03-11-2025-1 Safari 18.3.1 Apple Product Security via Fulldisclosure
• 2025/03/20 [FD] CVE-2019-16261 (UPDATE): Unauthenticated POST requests to Tripp Lite UPS Systems Lucas Lalumière
• 2025/03/11 [FD] Multiple sandbox escapes in asteval python sandboxing module areca-palm via Fulldisclosure
• 2025/02/27 [FD] SEC Consult SA-20250226-0 :: Multiple vulnerabilities in Siemens A8000 CP-8050 & CP-8031 PLC SEC Consult Vulnerability Lab via Fulldisclosure
• 2025/02/20 [FD] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory via Fulldisclosure
• 2025/02/20 [FD] Self Stored XSS - acp2sev7.2.2 Andrey Stoykov
• 2025/02/20 [FD] Python's official documentation contains textbook example of insecure code (XSS) Georgi Guninski
• 2025/02/17 Re: [FD] Netgear Router Administrative Web Interface Lacks Transport Encryption By Default Gynvael Coldwind
• 2025/02/16 [FD] Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network. upper.underflow via Fulldisclosure
• 2025/02/16 [FD] Netgear Router Administrative Web Interface Lacks Transport Encryption By Default Ryan Delaney via Fulldisclosure
• 2025/02/16 [FD] [CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution via Malicious ZScript Gabriel Valachi via Fulldisclosure
• 2025/02/16 Re: [FD] Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) David Fifield
• 2025/02/10 [FD] APPLE-SA-02-10-2025-2 iPadOS 17.7.5 Apple Product Security via Fulldisclosure
• 2025/02/10 [FD] CVE-2024-55447: Access Control in Paxton Net2 software (update) Jeroen Hermans via Fulldisclosure
• 2025/02/10 [FD] APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1 Apple Product Security via Fulldisclosure
• 2025/02/10 [FD] ChatGPT AI finds "security concern" (XSS) in DeepSeek's code Georgi Guninski
• 2025/02/04 [FD] KL-001-2025-002: Checkmk NagVis Remote Code Execution KoreLogic Disclosures via Fulldisclosure
• 2025/02/04 [FD] KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting KoreLogic Disclosures via Fulldisclosure
• 2025/02/01 [FD] APPLE-SA-01-30-2025-1 GarageBand 10.4.12 Apple Product Security via Fulldisclosure
• 2025/02/01 Re: [FD] Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) David Fifield
• 2025/02/01 [FD] Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3 hyp3rlinx
• 2025/01/29 [FD] Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449 Shaikh Shahnawaz
• 2025/01/29 [FD] Deepseek writes textbook insecure code in 2025-01-28 Georgi Guninski
• 2025/01/29 [FD] Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) David Fifield
• 2025/01/27 [FD] APPLE-SA-01-27-2025-9 Safari 18.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] APPLE-SA-01-27-2025-8 tvOS 18.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] APPLE-SA-01-27-2025-7 watchOS 11.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] SEC Consult SA-20250127-0 :: Weak Password Hashing Algorithms in Wind River Software VxWorks RTOS SEC Consult Vulnerability Lab via Fulldisclosure
• 2025/01/27 [FD] APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] APPLE-SA-01-27-2025-4 macOS Sequoia 15.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] APPLE-SA-01-27-2025-3 iPadOS 17.7.4 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] Host Header Injection - atutorv2.2.4 Andrey Stoykov
• 2025/01/27 [FD] APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] APPLE-SA-01-27-2025-1 visionOS 2.3 Apple Product Security via Fulldisclosure
• 2025/01/27 [FD] AutoLib Software Systems OPAC Version.20.10 | Exposure of Sensitive Information | CVE-2024-48310 Shaikh Shahnawaz
• 2025/01/27 [FD] Reflected XSS - atutorv2.2.4 Andrey Stoykov
• 2025/01/15 [FD] CVE-2024-48463 Rodolfo Tavares via Fulldisclosure
• 2025/01/15 [FD] CyberDanube Security Research 20250107-0 | Multiple Vulnerabilities in ABB AC500v3 Thomas Weber | CyberDanube via Fulldisclosure
• 2025/01/15 [FD] Asterisk Security Release 22.1.1 Asterisk Development Team via Fulldisclosure
• 2025/01/15 [FD] Certified Asterisk Security Release certified-20.7-cert4 Asterisk Development Team via Fulldisclosure
• 2025/01/15 [FD] Certified Asterisk Security Release certified-18.9-cert13 Asterisk Development Team via Fulldisclosure
• 2025/01/15 [FD] Asterisk Security Release 18.26.1 Asterisk Development Team via Fulldisclosure
• 2025/01/15 [FD] [asterisk-dev] Asterisk Security Release 21.6.1 Asterisk Development Team
• 2025/01/15 [FD] [asterisk-dev] Asterisk Security Release 20.11.1 Asterisk Development Team
• 2024/05/09 [FD] Microsoft PlayReady - complete client identity compromise Security Explorations
• 2024/05/06 [FD] secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki Simon Bieber via Fulldisclosure
• 2024/05/06 [FD] OXAS-ADV-2024-0002: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
• 2024/05/06 [FD] Microsoft PlayReady toolkit - codes release Security Explorations
• 2024/05/03 [FD] Live2D Cubism refusing to fix validation issue leading to heap corruption. PT via Fulldisclosure
• 2024/05/01 [FD] Microsoft PlayReady white-box cryptography weakness Security Explorations
• 2024/04/24 [FD] Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers Stefan Kanthak
• 2024/04/24 [FD] Response to CVE-2023-26756 - Revive Adserver Matteo Beccati
• 2024/04/19 [FD] BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) malvuln
• 2024/04/19 [FD] SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app SEC Consult Vulnerability Lab via Fulldisclosure
• 2024/04/19 [FD] MindManager 23 - full disclosure Pawel Karwowski via Fulldisclosure
• 2024/04/14 [FD] CVE-2024-31705 V3locidad
• 2024/04/14 [FD] SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue SEC Consult Vulnerability Lab via Fulldisclosure
• 2024/04/11 [FD] [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability Egidio Romano
• 2024/04/11 [FD] [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability Egidio Romano
• 2024/04/11 [FD] Multiple Issues in concretecmsv9.2.7 Andrey Stoykov
• 2024/04/10 [FD] OXAS-ADV-2024-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
• 2024/04/10 [FD] Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC) malvuln
• 2024/04/10 [FD] CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0 Clément Cruchet
• 2024/04/05 [FD] [CFP] IEEE CSR Workshop on Cyber Forensics& Advanced Threat Investigations in Emerging Technologies 2024 Andrew Zayine
• 2024/04/05 [FD] Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE malvuln
• 2024/04/05 [FD] CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php Valentin Lobstein via Fulldisclosure
• 2024/04/05 [FD] SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Lennert Preuth via Fulldisclosure
• 2024/04/05 [FD] SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Lennert Preuth via Fulldisclosure
• 2024/04/05 [FD] SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API Lennert Preuth via Fulldisclosure
• 2024/04/02 [FD] Microsoft PlayReady deficiencies / content key sniffing on Windows Security Explorations
• 2024/03/28 [FD] Intel PowerGadget 3.6 Local Privilege Escalation Julian Horoszkiewicz via Fulldisclosure
• 2024/03/27 [FD] Application is Vulnerable to Session Fixation YOGESH BHANDAGE
• 2024/03/27 [FD] APPLE-SA-03-25-2024-1 Safari 17.4.1 Apple Product Security via Fulldisclosure
• 2024/03/27 [FD] APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1 Apple Product Security via Fulldisclosure
• 2024/03/27 [FD] APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6 Apple Product Security via Fulldisclosure
• 2024/03/27 [FD] APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1 Apple Product Security via Fulldisclosure
• 2024/03/27 [FD] APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7 Apple Product Security via Fulldisclosure
• 2024/03/27 [FD] APPLE-SA-03-25-2024-6 visionOS 1.1.1 Apple Product Security via Fulldisclosure
• 2024/03/27 [FD] Escape sequence injection in util-linux wall (CVE-2024-28085) Skyler Ferrante (RIT Student) via Fulldisclosure
• 2024/03/27 [FD] Circontrol EV Charger vulnerabilities (CVE-2020-8006, CVE-2020-8007) Dariusz G
• 2024/03/19 [FD] Backdoor.Win32.Emegrab.b / Remote Stack Buffer Overflow (SEH) malvuln
• 2024/03/13 [FD] MetaFox Remote Shell Upload Exploit j0ck1ng@tempr.email
• 2024/03/13 [FD] SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670) SEC Consult Vulnerability Lab, Research via Fulldisclosure
• 2024/03/13 [FD] HNS-2024-05 - HN Security Advisory - Multiple vulnerabilities in RT-Thread RTOS Marco Ivaldi
• 2024/03/13 [FD] APPLE-SA-03-12-2024-1 GarageBand 10.4.11 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-07-2024-7 visionOS 1.1 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-07-2024-6 tvOS 17.4 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-07-2024-5 watchOS 10.4 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-07-2024-2 macOS Sonoma 14.4 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-07-2024-1 Safari 17.4 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4 Apple Product Security via Fulldisclosure
• 2024/03/13 [FD] Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution malvuln
• 2024/03/13 [FD] StimulusReflex CVE-2024-28121 lixts via Fulldisclosure

• Earlier messages