Full Disclosure
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products
https://seclists.org/fulldisclosure/2026/Jun/2
Published: June 9, 2026 05:32
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 08
SEC Consult Vulnerability Lab Security Advisory < 20260608-0 >
=======================================================================
title: Privilege Escalation via Binary…
[SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping
https://seclists.org/fulldisclosure/2026/Jun/1
Published: June 9, 2026 05:31
Posted by Moritz Bechler via Fulldisclosure on Jun 08
Advisory ID: SYSS-2026-004
Product: SAP NetWeaver ABAP / SAP_BASIS
Manufacturer: SAP SE
Affected Version(s): SAP_BASIS 700 - 918
Tested Version(s): …
[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities
https://seclists.org/fulldisclosure/2026/Jun/0
Published: June 5, 2026 00:16
Posted by Matteo Beccati on Jun 04
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-002
------------------------------------------------------------------------…
CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series
https://seclists.org/fulldisclosure/2026/May/25
Published: June 1, 2026 06:24
Posted by Thomas Weber | CyberDanube via Fulldisclosure on May 31
CyberDanube Security Research 20260528-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product|…
bmcweb (OpenBMC web server): four vulnerabilities — two unfixed, GHSA without a CVE
https://seclists.org/fulldisclosure/2026/May/24
Published: June 1, 2026 06:23
Posted by binreaper via Fulldisclosure on May 31
Hi all,
Posting a brief summary of a four-finding disclosure on bmcweb (the OpenBMC HTTP/Redfish web server), which ships in
BMC firmware on most modern enterprise servers — Intel, IBM, HPE, NVIDIA, and…
Re: Dovecot Security Advisory OXDC-2026-0002
https://seclists.org/fulldisclosure/2026/May/23
Published: May 26, 2026 01:45
Posted by Noel Butler via Fulldisclosure on May 25
So when is the fix for dovecot 2.3 source code due to be released?
Since by your wording by not including the first detected versions, it
must be assumed 2.3 is affected, and as no EOL has been published…
SSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp — publicly disclosed via GitHub issues
https://seclists.org/fulldisclosure/2026/May/22
Published: May 26, 2026 01:44
Posted by outreach on May 25
-----BEGIN SECURITY ADVISORY-----
Title: Server-Side Request Forgery (SSRF) in Anthropic mcp-server-fetch and Microsoft playwright-mcp
Author: Syed Anas Mohiuddin <anasmohiuddinsyed () gmail com>
Date: May 25, 2026
CVSS: 7.5…
[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak
https://seclists.org/fulldisclosure/2026/May/21
Published: May 26, 2026 01:43
Posted by m.nageh on May 25
-----BEGIN SECURITY ADVISORY-----
Advisory ID: MONX-2021-001
CVE ID: CVE-2021-21735
Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential
Disclosure to Full Admin Compromise
Affected: ZTE ZXHN…
[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure
https://seclists.org/fulldisclosure/2026/May/20
Published: May 26, 2026 01:43
Posted by m.nageh on May 25
-----BEGIN SECURITY ADVISORY-----
Advisory ID: MONX-2026-003
CVE ID: CVE-2026-34474
Title: ZTE ZXHN H298A / H108N - Unauthenticated Admin Password &
WLAN Credential Exposure
Affected: ZTE ZXHN H298A…
[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard
https://seclists.org/fulldisclosure/2026/May/19
Published: May 26, 2026 01:43
Posted by m.nageh on May 25
-----BEGIN SECURITY ADVISORY-----
Advisory ID: MONX-2026-002
CVE ID: CVE-2026-34472
Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login
Wizard Credential Leakage
Affected: ZTE ZXHN H188A…
[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)
https://seclists.org/fulldisclosure/2026/May/18
Published: May 26, 2026 01:43
Posted by m.nageh on May 25
-----BEGIN SECURITY ADVISORY-----
Advisory ID: MONX-2026-001
CVE ID: CVE-2026-34473
Title: Unauthenticated Denial of Service via Oversized POST Body
in ZTE Router CGILua Parser
Affected: 17+ ZTE ZXHN…
Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
https://seclists.org/fulldisclosure/2026/May/17
Published: May 26, 2026 01:40
Posted by Adamczyk Blazej on May 25
============================================================
Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
============================================================
General...