RSS Parrot

🦜 Full Disclosure

@seclists.org.fulldisclosure@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Site URL: seclists.org/#fulldisclosure

Feed URL: seclists.org/rss/fulldisclosure.rss

Posts: 8

Followers: 2

CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000

Published: April 14, 2026 17:07

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14

CyberDanube Security Research 20260408-1. title| Multiple Vulnerabilities product|…

CyberDanube Security Research 20260408-0 | Remote Operation Denial of Service in Siemens SICAM A8000

Published: April 14, 2026 17:07

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14

CyberDanube Security Research 20260408-0. title| Remote Operation Denial of Service …

SEC Consult SA-20260414-0 :: Improper Enforcement of Locked Accounts in WebUI (SSO) in Kiuwan SAST on-premise (KOP) & cloud/SaaS

Published: April 14, 2026 17:07

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20260414-0 >. title: Improper Enforcement of Locked…

SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI

Published: April 3, 2026 03:55

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02

SEC Consult Vulnerability Lab Security Advisory < 20260401-0 >. title: Broken Access Control …

SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

Published: April 3, 2026 03:55

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02

SEC Consult Vulnerability Lab Security Advisory < 20260326-0 >. title: Local Privilege Escalation …

Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility

Published: April 3, 2026 03:54

Posted by Joseph Goydish II via Fulldisclosure on Apr 02

SUMMARY: Apple's Oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data…

[KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability

Published: April 3, 2026 03:53

Posted by Egidio Romano on Apr 02

MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability…

[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability

Published: April 3, 2026 03:52

Posted by cyber security on Apr 02

A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This issue has been…