🦜 Full Disclosure
@seclists.org.fulldisclosure@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Brought to you by the RSS Parrot.
---
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Asterisk Security Release 23.2.2
https://seclists.org/fulldisclosure/2026/Feb/9
Published: February 8, 2026 04:15
Posted by Asterisk Development Team via Fulldisclosure on Feb 07
The Asterisk Development Team would like to announce security release Asterisk 23.2.2.
The release artifacts are available for immediate download at …
Asterisk Security Release 21.12.1
https://seclists.org/fulldisclosure/2026/Feb/8
Published: February 8, 2026 04:15
Posted by Asterisk Development Team via Fulldisclosure on Feb 07
The Asterisk Development Team would like to announce security release Asterisk 21.12.1.
The release artifacts are available for immediate download at …
Asterisk Security Release 22.8.2
https://seclists.org/fulldisclosure/2026/Feb/7
Published: February 8, 2026 04:15
Posted by Asterisk Development Team via Fulldisclosure on Feb 07
The Asterisk Development Team would like to announce security release Asterisk 22.8.2.
The release artifacts are available for immediate download at …
Asterisk Security Release 20.18.2
https://seclists.org/fulldisclosure/2026/Feb/6
Published: February 8, 2026 04:15
Posted by Asterisk Development Team via Fulldisclosure on Feb 07
The Asterisk Development Team would like to announce security release Asterisk 20.18.2.
The release artifacts are available for immediate download at …
Certified Asterisk Security Release certified-20.7-cert9
https://seclists.org/fulldisclosure/2026/Feb/5
Published: February 8, 2026 04:15
Posted by Asterisk Development Team via Fulldisclosure on Feb 07
The Asterisk Development Team would like to announce security release Certified Asterisk 20.7-cert9.
The release artifacts are available for immediate download at …
SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)
https://seclists.org/fulldisclosure/2026/Feb/4
Published: February 5, 2026 04:51
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 04
SEC Consult Vulnerability Lab Security Advisory < 20260202-0 >
=======================================================================
title: Multiple vulnerabilities
…
CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series
https://seclists.org/fulldisclosure/2026/Feb/3
Published: February 5, 2026 04:51
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Feb 04
CyberDanube Security Research 20260119-0
-------------------------------------------------------------------------------
title| Authenticated Command Injection
…
[KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities
https://seclists.org/fulldisclosure/2026/Feb/2
Published: February 5, 2026 04:50
Posted by Egidio Romano on Feb 04
--------------------------------------------------------------------------
Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities…
[KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities
https://seclists.org/fulldisclosure/2026/Feb/1
Published: February 5, 2026 04:50
Posted by Egidio Romano on Feb 04
--------------------------------------------------------------------------------
Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities…
[KIS-2026-01] Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability
https://seclists.org/fulldisclosure/2026/Feb/0
Published: February 5, 2026 04:50
Posted by Egidio Romano on Feb 04
---------------------------------------------------------------------------
Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability…
Username Enumeration - elggv6.3.3
https://seclists.org/fulldisclosure/2026/Jan/30
Published: January 29, 2026 21:31
Posted by Andrey Stoykov on Jan 29
# Exploit Title: Elgg - Username Enumeration
# Date: 1/2026
# Exploit Author: Andrey Stoykov
# Version: 6.3.3
# Tested on: Ubuntu 22.04
# Blog:…
Weak Password Complexity - elggv6.3.3
https://seclists.org/fulldisclosure/2026/Jan/29
Published: January 29, 2026 21:31
Posted by Andrey Stoykov on Jan 29
# Exploit Title: Elgg - Lack of Password Complexity
# Date: 1/2026
# Exploit Author: Andrey Stoykov
# Version: 6.3.3
# Tested on: Ubuntu 22.04
# Blog:…
Paper-Exploiting XAMPP Installations
https://seclists.org/fulldisclosure/2026/Jan/28
Published: January 29, 2026 21:31
Posted by Andrey Stoykov on Jan 29
Hi. I would like to publish my paper for exploiting XAMPP installations.
Thanks,
Andrey
CVE-2025-12758: Unicode Variation Selectors Bypass in 'validator' library (isLength)
https://seclists.org/fulldisclosure/2026/Jan/27
Published: January 29, 2026 21:30
Posted by Karol Wrótniak on Jan 29
Summary
=======
A vulnerability was discovered in the popular JavaScript library
'validator'.
The isLength() function incorrectly handles Unicode Variation Selectors
(U+FE0E and U+FE0F). An attacker can inject thousands of…