Sources
Full Disclosure
- iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5) 1 week 5 min old
- Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag 1 week 5 days old
- CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement 2 weeks 3 hours old
- CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload 2 weeks 3 hours old
- CVE-2025-32976 - Quest KACE SMA 2FA Bypass 2 weeks 3 hours old
- CVE-2025-32975 - Quest KACE SMA Authentication Bypass 2 weeks 3 hours old
- RansomLord (NG v1.0) anti-ransomware exploit tool 2 weeks 3 hours old
- Disclosure Yealink Cloud vulnerabilities 2 weeks 3 hours old
- : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) 2 weeks 6 days old
- SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) 2 weeks 6 days old
- SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem 2 weeks 6 days old
- Call for Applications: ERCIM STM WG 2025 Award for the Best Ph.D. Thesis on Security and Trust Management (July 31, 2025) 2 weeks 6 days old
- SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version 4 weeks 4 hours old
- Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft 4 weeks 4 hours old
- Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection 4 weeks 6 days old
- CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 4 weeks 6 days old
- ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page 4 weeks 6 days old
- ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path 4 weeks 6 days old
- Local information disclosure in apport and systemd-coredump 4 weeks 6 days old
- Stored XSS via File Upload - adaptcmsv3.0.3 4 weeks 6 days old
- IDOR "Change Password" Functionality - adaptcmsv3.0.3 4 weeks 6 days old
- Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 4 weeks 6 days old
- Authenticated File Upload to RCE - adaptcmsv3.0.3 4 weeks 6 days old
- Stored XSS in "Description" Functionality - cubecartv6.5.9 4 weeks 6 days old
- Multiple Vulnerabilities in SAP GuiXT Scripting 4 weeks 6 days old
Daily Dave
- On becoming a carpenter 3 weeks 4 days old
- Re: Typey typey 5 weeks 3 days old
- Typey typey 5 weeks 6 days old
- Announcing the Parity Release of Volatility 3 and the Deprecation of Volatility 2 5 weeks 6 days old
- Re: Typey typey 5 weeks 6 days old
