🦜 Full Disclosure
@seclists.org.fulldisclosure@rss-parrot.net
---
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)
https://seclists.org/fulldisclosure/2026/Jan/4
Published: January 6, 2026 07:00
Posted by Yuffie Kisaragi via Fulldisclosure on Jan 05
UPDATE:
Following the publication of these vulnerabilities and the subsequent CVE
assignments, the CVE identifiers have now been revoked.
The vendor (EQS Group) contacted the CVE Program (via a CNA)…
Panda3d v1.10.16 Uncontrolled Format String in Panda3D egg-mkfont Allows Stack Memory Disclosure
https://seclists.org/fulldisclosure/2026/Jan/11
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
Panda3D's egg-mkfont utility contains an uncontrolled format string
vulnerability that allows disclosure of stack-resident memory. The -gp
(glyph pattern) command-line option allows users to specify a formatting
pattern intended…
Panda3d v1.10.16 egg-mkfont Stack Buffer Overflow
https://seclists.org/fulldisclosure/2026/Jan/10
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
A stack-based buffer overflow vulnerability exists in the Panda3D
egg-mkfont utility due to the use of an unbounded sprintf() call with
attacker-controlled input. By supplying an excessively long glyph pattern
string via the -gp…
Panda3d v1.10.16 deploy-stub Unbounded Stack Allocation Leading to Uninitialized Memory
https://seclists.org/fulldisclosure/2026/Jan/9
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
A memory safety vulnerability exists in the Panda3D deploy-stub executable
due to unbounded stack allocation using attacker-controlled input. The
issue allows a local attacker to trigger stack exhaustion and subsequent
use of…
MongoDB v8.3.0 Integer Underflow in LMDB mdb_load
https://seclists.org/fulldisclosure/2026/Jan/8
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
This integer underflow vulnerability enables heap metadata corruption and
information disclosure through carefully crafted LMDB dump files.
*Impact:*
- *Denial of Service*: Immediate crash (confirmed)
- *Information…
Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files
https://seclists.org/fulldisclosure/2026/Jan/7
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
Bio-Formats performs unsafe Java deserialization of attacker-controlled
memoization cache files (.bfmemo) during image processing. The
loci.formats.Memoizer class automatically loads and deserializes memo files
associated with…
Bioformats v8.3.0 Improper Restriction of XML External Entity Reference in Bio-Formats Leica Microsystems XML Parser
https://seclists.org/fulldisclosure/2026/Jan/6
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
Bio-Formats contains an XML External Entity (XXE) vulnerability in the
Leica Microsystems metadata parsing component. The vulnerability is caused
by the use of an insecurely configured DocumentBuilderFactory when
processing Leica…
MongoDB v8.3.0 Heap Buffer Underflow in OpenLDAP LMDB mdb_load
https://seclists.org/fulldisclosure/2026/Jan/5
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
A heap buffer underflow vulnerability exists in the readline() function of
OpenLDAP's Lightning Memory-Mapped Database (LMDB) mdb_load utility. The
vulnerability is triggered through malformed input data and results in an…
zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name
https://seclists.org/fulldisclosure/2026/Jan/3
Published: January 6, 2026 06:59
Posted by Ron E on Jan 05
A global buffer overflow vulnerability exists in the TGZfname() function of
the zlib untgz utility due to the use of an unbounded strcpy() call on
attacker-controlled input. The utility copies a user-supplied archive name…
SigInt-Hombre v1 / dynamic Suricata detection rules from real-time threat feeds
https://seclists.org/fulldisclosure/2026/Jan/2
Published: January 6, 2026 06:58
Posted by malvuln on Jan 05
SigInt-Hombre generates derived Suricata detection rules from live
URLhaus threat indicators at runtime and deploys them to the Security
Onion platform for high-coverage real-time network monitoring.
…
Security Vulnerability in Koller Secret: Real Hidden App (com.koller.secret.hidemyphoto)
https://seclists.org/fulldisclosure/2026/Jan/1
Published: January 6, 2026 06:57
Posted by duykham on Jan 05
Hello Full Disclosure,
I would like to disclose a security vulnerability identified in a
smartphone application: *Koller Secret: Real Hidden App*.
This report is shared in the interest of responsible disclosure and
improving…
Linux Kernel Block Subsystem Vulnerabilities
https://seclists.org/fulldisclosure/2026/Jan/0
Published: January 6, 2026 06:56
Posted by Agent Spooky's Fun Parade via Fulldisclosure on Jan 05
================================================================================
FULL DISCLOSURE: Linux Kernel Block Subsystem Vulnerabilities
Date: 2025-12-29
Affected: Linux Kernel (all…