🦜 Full Disclosure
@seclists.org.fulldisclosure@rss-parrot.net
---
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
https://seclists.org/fulldisclosure/2025/Oct/8
Published: October 14, 2025 03:23
Posted by Christopher Dickinson via Fulldisclosure on Oct 13
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com
CVE Identifiers
* CVE-2025-[PENDING] - Excessive Data Exposure / JWT Token Leakage
* CVE-2025-[PENDING] - Broken Object…
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
https://seclists.org/fulldisclosure/2025/Oct/7
Published: October 14, 2025 03:23
Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13
# Checkmk Path Traversal #
Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal
## Vulnerability Overview ##
Checkmk in versions…
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
https://seclists.org/fulldisclosure/2025/Oct/6
Published: October 14, 2025 03:23
Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13
# Checkmk Agent Privilege Escalation via Insecure Temporary Files #
Link: …
CVE-2025-59397 - Open Web Analytics SQL Injection
https://seclists.org/fulldisclosure/2025/Oct/5
Published: October 9, 2025 04:30
Posted by Seralys Research Team via Fulldisclosure on Oct 08
Seralys Security Advisory | https://www.seralys.com/research
======================================================================
Title: SQL Injection Vulnerability
Product: Open…
Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
https://seclists.org/fulldisclosure/2025/Oct/4
Published: October 7, 2025 18:56
Posted by josephgoyd via Fulldisclosure on Oct 07
The GitHub link has a write-up on the attack chain, along with the CNVD certs that were issued for validation.
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
https://seclists.org/fulldisclosure/2025/Oct/3
Published: October 7, 2025 18:55
Posted by full on Oct 07
Substack is down. If there is a replacement, it is appreciated.
-x9p
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11
https://seclists.org/fulldisclosure/2025/Oct/2
Published: October 7, 2025 18:53
Posted by Stefan Kanthak via Fulldisclosure on Oct 07
On a fresh installation of the just-released Windows 11 25H2 the former file
%SystemRoot%\System32\SecurityHealth\10.0.27840.1000-0\SecurityHealthHost.exe
is %SystemRoot%\System32\SecurityHealthHost.exe…
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
https://seclists.org/fulldisclosure/2025/Oct/1
Published: October 2, 2025 22:20
Posted by josephgoyd via Fulldisclosure on Oct 02
Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
Working exploit: …
Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
https://seclists.org/fulldisclosure/2025/Oct/0
Published: October 2, 2025 22:20
Posted by josephgoyd via Fulldisclosure on Oct 02
Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
Working exploit: …