Full Disclosure: by date
33 messages starting Oct 02 25 and ending Oct 29 25
Thursday, 02 October
Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure
Tuesday, 07 October
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11 Stefan Kanthak via Fulldisclosure
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft full
Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure
Wednesday, 08 October
CVE-2025-59397 - Open Web Analytics SQL Injection Seralys Research Team via Fulldisclosure
Monday, 13 October
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files SBA Research Security Advisory via Fulldisclosure
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal SBA Research Security Advisory via Fulldisclosure
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Christopher Dickinson via Fulldisclosure
Wednesday, 15 October
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Gynvael Coldwind
Saturday, 18 October
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a cve
apis.google.com - Insecure redirect via __lu parameter (exploited in the wild) Patrick via Fulldisclosure
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS Thomas Weber | CyberDanube via Fulldisclosure
Tuesday, 21 October
Google Firebase hosting suspension / "malware distribution" bypass Security Explorations
BSidesSF 2026 CFP still open until October 28th BSidesSF CFP via Fulldisclosure
Malvuln - MISP compatible malware vulnerability intelligence feed now live malvuln
[SYSS-2025-015]: Verbatim Keypad Secure (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure
[SYSS-2025-016]: Verbatim Store 'n' Go Secure Portable SSD (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure
[SYSS-2025-017]: Verbatim Store 'n' Go Secure Portable HDD (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure
SEC Consult SA-20251021-0 :: Multiple Vulnerabilities in EfficientLab WorkExaminer Professional (CVE-2025-10639, CVE-2025-10640, CVE-2025-10641) SEC Consult Vulnerability Lab via Fulldisclosure
Saturday, 25 October
[REVIVE-SA-2025-001] Revive Adserver Vulnerability Matteo Beccati
[REVIVE-SA-2025-002] Revive Adserver Vulnerability Matteo Beccati
Tuesday, 28 October
Struts2 and Related Framework Array/Collection DoS Daniel Owens via Fulldisclosure
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Noor Christensen
Current Password not Required When Changing Password - totaljsv5013 Andrey Stoykov
Stored Cross-Site Scripting (XSS) - Layout Functionality - totaljsv5013 Andrey Stoykov
Stored HTML Injection - Layout Functionality - totaljsv5013 Andrey Stoykov
Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013 Andrey Stoykov
SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055 SEC Consult Vulnerability Lab via Fulldisclosure
Wednesday, 29 October
Dovecot CVE-2025-30189: Auth cache causes access to wrong account Aki Tuomi via Fulldisclosure
Re: : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Christoph Gruber
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure
SEC Consult SA-20251029-0 :: Unprotected NFC card manipulation leading to free top-up in GiroWeb Cashless Catering Solutions (only legacy customer infrastructure) SEC Consult Vulnerability Lab via Fulldisclosure
