@seclists.org.fulldisclosure@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.
---
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Site URL: seclists.org/#fulldisclosure
Feed URL: seclists.org/rss/fulldisclosure.rss
Posts: 23
Followers: 1
SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations
https://seclists.org/fulldisclosure/2025/May/23
Published: May 28, 2025 03:20
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27SEC Consult Vulnerability Lab Security Advisory < 20250521-0 > ======================================================================= title: Multiple Vulnerabilities …
Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework
https://seclists.org/fulldisclosure/2025/May/22
Published: May 28, 2025 03:19
Posted by Ron E on May 27 An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.get_list API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields[] parameter,…
Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086
https://seclists.org/fulldisclosure/2025/May/21
Published: May 17, 2025 02:39
Posted by Shaikh Shahnawaz on May 16[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r_ [Vendor of Product] RSI Queue (https://www.rsiqueue.com/) [Vulnerability Type] Blind SQL Injection [Affected…
CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay
https://seclists.org/fulldisclosure/2025/May/20
Published: May 17, 2025 02:39
Posted by Sebastian Auwärter via Fulldisclosure on May 16Advisory ID: SYSS-2025-006 Product: Tiiwee X1 Alarm System Manufacturer: Tiiwee B.V. Affected Version(s): TWX1HAKV2 Tested Version(s): …
SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection
https://seclists.org/fulldisclosure/2025/May/19
Published: May 17, 2025 02:39
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16SEC Consult Vulnerability Lab Security Advisory < 20250507-0 > ======================================================================= title: Authenticated Command Injection …
SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more
https://seclists.org/fulldisclosure/2025/May/18
Published: May 17, 2025 02:39
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16SEC Consult Vulnerability Lab Security Advisory < publishing date 20250429-0 > Combined Security Advisory for Sure Access Enterprise and Sure Click Enterprise…
SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking
https://seclists.org/fulldisclosure/2025/May/17
Published: May 17, 2025 02:39
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16SEC Consult Vulnerability Lab Security Advisory < 20250422-0 > ======================================================================= title: Local Privilege Escalation via…
Session Invalidation in Economizzer Allows Unauthorized Access After Logout
https://seclists.org/fulldisclosure/2025/May/16
Published: May 17, 2025 02:38
Posted by Ron E on May 16A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains active…
Persistent Cross-Site Scripting in Economizzer Category Entry
https://seclists.org/fulldisclosure/2025/May/15
Published: May 17, 2025 02:38
Posted by Ron E on May 16A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new category via the *category/create *endpoint. An…
Persistent Cross-Site Scripting in Economizzer Cashbook Entry
https://seclists.org/fulldisclosure/2025/May/14
Published: May 17, 2025 02:38
Posted by Ron E on May 16A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1 The application fails to properly sanitize user-supplied input when creating a new cash book entry via the *cashbook/create* endpoint.…
APPLE-SA-05-12-2025-9 Safari 18.5
https://seclists.org/fulldisclosure/2025/May/13
Published: May 17, 2025 02:38
Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-05-12-2025-9 Safari 18.5 Safari 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122719. Apple maintains a…
APPLE-SA-05-12-2025-8 visionOS 2.5
https://seclists.org/fulldisclosure/2025/May/12
Published: May 17, 2025 02:38
Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-05-12-2025-8 visionOS 2.5 visionOS 2.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122721. Apple maintains a…
APPLE-SA-05-12-2025-7 tvOS 18.5
https://seclists.org/fulldisclosure/2025/May/11
Published: May 17, 2025 02:38
Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-05-12-2025-7 tvOS 18.5 tvOS 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122720. Apple maintains a…
APPLE-SA-05-12-2025-6 watchOS 11.5
https://seclists.org/fulldisclosure/2025/May/10
Published: May 17, 2025 02:38
Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-05-12-2025-6 watchOS 11.5 watchOS 11.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122722. Apple maintains a…
APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6
https://seclists.org/fulldisclosure/2025/May/9
Published: May 17, 2025 02:38
Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6 macOS Ventura 13.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/122718. …
APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6
https://seclists.org/fulldisclosure/2025/May/8
Published: May 17, 2025 02:38
Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6 macOS Sonoma 14.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/122717. Apple…
APPLE-SA-05-12-2025-3 macOS Sequoia 15.5
https://seclists.org/fulldisclosure/2025/May/7
Published: May 17, 2025 02:38
Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-05-12-2025-3 macOS Sequoia 15.5 macOS Sequoia 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122716. Apple…
BeyondTrust PRA connection takeover - CVE-2025-0217
https://seclists.org/fulldisclosure/2025/May/1
Published: May 6, 2025 22:31
Posted by Paul Szabo via Fulldisclosure on May 06=== Details ======================================================== Vendor: BeyondTrust Product: Privileged Remote Access (PRA) Subject: PRA connection takeover CVE ID: CVE-2025-0217 CVSS: 7.8…
Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing
https://seclists.org/fulldisclosure/2025/May/0
Published: May 1, 2025 07:24
Posted by hyp3rlinx on May 01[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt [+] x.com/hyp3rlinx [+] ISR:…
[IWCC 2025] CfP: 14th International Workshop on Cyber Crime - Ghent, Belgium, Aug 11-14, 2025
https://seclists.org/fulldisclosure/2025/Apr/31
Published: April 27, 2025 04:43
Posted by Artur Janicki via Fulldisclosure on Apr 26[APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 14th International Workshop on Cyber Crime (IWCC 2025 - https://2025.ares-conference.eu/program/iwcc/) to be held in conjunction with the 20th International…
Inedo ProGet Insecure Reflection and CSRF Vulnerabilities
https://seclists.org/fulldisclosure/2025/Apr/30
Published: April 27, 2025 04:43
Posted by Daniel Owens via Fulldisclosure on Apr 26Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks (among other things) because the information system directly exposes the C# reflection…
Ruby on Rails Cross-Site Request Forgery
https://seclists.org/fulldisclosure/2025/Apr/29
Published: April 27, 2025 04:43
Posted by Daniel Owens via Fulldisclosure on Apr 26Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery (CSRF) protections continue to be vulnerable to the same attacks as the 2022…
Microsoft ".library-ms" File / NTLM Information Disclosure (Resurrected 2025)
https://seclists.org/fulldisclosure/2025/Apr/28
Published: April 27, 2025 04:40
Posted by hyp3rlinx on Apr 26[-] Microsoft ".library-ms" File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+] John Page (aka hyp3rlinx) [+] x.com/hyp3rlinx [+] ISR: ApparitionSec Back in 2018, I reported a ".library-ms"…