Full Disclosure: by date
37 messages, starting Dec 01 25 and ending Dec 27 25
Monday, 01 December
Missing Critical Security Headers in Legality WHISTLEBLOWING Aerith Gainsborough via Fulldisclosure
[REVIVE-SA-2025-005] Revive Adserver Vulnerability Matteo Beccati
2 vulnerabilities in Egovframe Pierre Kim
8 vulnerabilities in AudioCodes Fax/IVR Appliance Pierre Kim
Friday, 05 December
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Yuffie Kisaragi via Fulldisclosure
Monday, 15 December
[SYSS-2025-060]: HP computer UEFI boot protection bypass Micha Borrmann via Fulldisclosure
APPLE-SA-12-12-2025-1 iOS 26.2 and iPadOS 26.2 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-3 macOS Tahoe 26.2 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-6 tvOS 26.2 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-7 watchOS 26.2 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-8 visionOS 26.2 Apple Product Security via Fulldisclosure
APPLE-SA-12-12-2025-9 Safari 26.2 Apple Product Security via Fulldisclosure
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) Yuffie Kisaragi via Fulldisclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality Onur Tezcan via Fulldisclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area Onur Tezcan via Fulldisclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality. Onur Tezcan via Fulldisclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality Onur Tezcan via Fulldisclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality Onur Tezcan via Fulldisclosure
[KIS-2025-07] Bitrix24 <= 25.100.300 (Translate Module) Remote Code Execution Vulnerability Egidio Romano
[KIS-2025-08] 1C-Bitrix <= 25.100.500 (Translate Module) Remote Code Execution Vulnerability Egidio Romano
Wednesday, 17 December
[CFP] Security BSidesLjubljana 0x7EA | March 13, 2026 Andraz Sraka
Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking LRKTBEYK LRKTBEYK
[KIS-2025-09] Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability Egidio Romano
CyberDanube Security Research 20251215-0 | Multiple Vulnerabilities in Phoenix Contact FL Switch Series Thomas Weber | CyberDanube via Fulldisclosure
Monday, 22 December
HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701 malvuln
Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702 malvuln
Defense in depth -- the Microsoft way (part 94): SAFER (SRPv1 and AppLocker alias SRPv2) bypass for dummies Stefan Kanthak via Fulldisclosure
Saturday, 27 December
Backdoor.Win32.Netbus.170 / Insecure Credential Storage / MVID-2025-0703 malvuln
Backdoor.Win32.Poison.jh / Insecure Permissions malvuln
[KIS-2025-10] PKP-WAL <= 3.5.0-1 (Institution Collector) SQL Injection Vulnerability Egidio Romano
[KIS-2025-11] Open Journal Systems <= 3.5.0-1 (NativeXmlIssueGalleyFilter.php) Path Traversal Vulnerability Egidio Romano
[KIS-2025-12] PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability Egidio Romano
[KIS-2025-13] PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability Egidio Romano
[KIS-2025-14] PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability Egidio Romano
