WordPress Backup Migration 1.3.7 - Remote Command Execution

mailcow 2025-01a - Host Header Password Reset Poisoning

Easy File Sharing Web Server v7.2 - Buffer Overflow

WeGIA 3.5.0 - SQL Injection

Boss Mini v1.4.0 - Local File Inclusion (LFI)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 22

SEC Consult Vulnerability Lab Security Advisory < 20260218-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: NesterSoft WorkTime (on-prem/cloud)
vulnerable version: <= 11.8.8
fixed version: No patch available, vendor unresponsive.
CVE number: CVE-2025-15563, CVE-2025-15562, CVE-2025-15561...

Posted by Egidio Romano on Feb 22

----------------------------------------------------------------------------
SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability
----------------------------------------------------------------------------

[-] Software Link:

https://www.smartertools.com/smartermail/business-email-server

[-] Affected Versions:

Build 9518 and prior builds.

[-] Vulnerability Description:

User input passed through the...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 16

SEC Consult Vulnerability Lab Security Advisory < 20260212-0 >
=======================================================================
title: Multiple Vulnerabilities
            product: Various Solax Power Pocket WiFi models
 vulnerable version: See section below
      fixed version: See section below
         CVE number: CVE-2025-15573, CVE-2025-15574, CVE-2025-15575
             impact: High...

Posted by privexploits via Fulldisclosure on Feb 16

Advisory: Authenticated Remote Code Execution in pfSense CECVEs: CVE-2025-69690, CVE-2025-69691
Researcher: Nelson Adhepeau (privexploits () protonmail com)
Date: February 2026

== RESPONSIBLE DISCLOSURE NOTICE ==

This advisory is published in accordance with responsible disclosure practices. 

The vendor was notified on December 2, 2025, acknowledged the reports, and indicated no patches would be issued.
Publication follows standard 90-day...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-9 Safari 26.3

Safari 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126354.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CFNetwork
Available for: macOS Sonoma and macOS Sequoia
Impact: A remote user may be able to write arbitrary files
Description: A path...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-8 visionOS 26.3

visionOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126353.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple Vision Pro (all models)
Impact: An app may be able to access sensitive user data...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-7 watchOS 26.3

watchOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126352.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Bluetooth
Available for: Apple Watch Series 6 and later
Impact: An attacker in a privileged network position may be able to
perform...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-6 tvOS 26.3

tvOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126351.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Bluetooth
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker in a privileged network position may be able to...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4

macOS Sonoma 14.8.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126350.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4

macOS Sequoia 15.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126349.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-3 macOS Tahoe 26.3

macOS Tahoe 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126348.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5

iOS 18.7.5 and iPadOS 18.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126347.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3

iOS 26.3 and iPadOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126346.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro...

Posted by Hanno Böck on Feb 16

During tests of electronic invoicing tools, I discovered multiple XXE
and Blind XXE vulnerabilities in online tools parsing electronic
invoices in XML formats.

While most of the affected tools have fixed these vulnerabilities, two
online tools remain vulnerable to Blind XXE attacks, allowing
exfiltration of files. Disclosure to the affected operators happened
more than 90 days ago.

Vulnerable tools:

https://validator.invoice-portal.de/...

Posted by Darsh Naik on Feb 16

🔓 The Attack Path — No Login, SYSTEM Access

1. Boot into setup.exe (via USB, PXE, or OOBM like Intel vPro).
2. Click “Repair your computer” → Enter WinRE.
3. Press Shift + F10 → SYSTEM-level Command Prompt.
4. From there, attacker can:
- Run `net user` to create new admin accounts
- Use `diskpart` to wipe or reformat drives
- Use `manage-bde -off` or `bcdedit` to disable BitLocker
- Replace `utilman.exe` to bypass login...