Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label
Stack Over-read
------------------------------------------------------------------------

Affected:  OpenBSD -current prior to 2026-06-18 (fixed in -current)
Vendor:    OpenBSD
Severity:  Medium
Reporter:  Argus Systems
Date:      2026-06-12
CVE:       CVE-2026-56099

1. SUMMARY
==========

The...

Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD sppp_pap_input: PAP Authentication Bypass via Zero-Length bcmp
------------------------------------------------------------------------

Affected:  OpenBSD all versions through 7.6 (fixed in -current)
Vendor:    OpenBSD
Severity:  High
Reporter:  Argus
Date:      2026-06-16

1. SUMMARY
==========

The sppp_pap_input() function in sys/net/if_spppsubr.c uses...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260618-0 >
=======================================================================
title: Hardcoded Root Cloud Credentials in Application Binaries
product: Silver Leaf Technologies - Worksnaps.net Worksnaps
vulnerable version: <1.6.20260201
      fixed version: 1.6.20260201
         CVE number: CVE-2025-10560
impact: critical...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260617-1 >
=======================================================================
title: Multiple Vulnerabilities
            product: Quanos Content Solutions - SCHEMA ST4
 vulnerable version: All versions of SCHEMA ST4 on-premises
    fixed version: Not applicable, see workaround section for mitigation.
CVE number: CVE-2026-11857, CVE-2026-11858...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260617-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Sprecher Automation SPRECON-E-C/-E-P/-E-T3
 vulnerable version: See vulnerable versions below
fixed version: See solution section below
         CVE number: CVE-2022-4333, CVE-2022-4332, CVE-2025-41741,
       ...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260616-0 >
=======================================================================
title: Broken Access Control
            product: syracom AG Secure Login (2FA) for Atlassian Jira /
Confluence / Bitbucket
 vulnerable version: 3.4.0.x
      fixed version: 3.5.0.0
CVE number: CVE-2026-12225
             impact: High...

Posted by Apple Product Security via Fulldisclosure on Jun 20

APPLE-SA-06-16-2026-1 Beats Firmware Update 1B211

Beats Firmware Update 1B211 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127557.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Bluetooth
Available for: Beats Studio Buds
Impact: An attacker within Bluetooth range may be able...

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `levenshtein()` signed-integer overflow

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-levenshtein-signed-integer-overflow
**Contact:** https://fereidani.com/contact

## Description

The `levenshtein()` function calculates the Levenshtein distance
between two strings, optionally accepting custom costs for insertion,
replacement, and deletion operations. In PHP 8.5.7, the...

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `dom_xml_serialization_algorithm()` stack-overflow

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-domxmlserializationalgorithm-stack-overflow
**Contact:** https://fereidani.com/contact

## Description

The `dom_xml_serialization_algorithm()` and
`dom_xml_serialize_element_node()` functions in
`ext/dom/xml_serializer.c` rely on unbounded recursion to serialize
XML nodes....

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-mbsubstr-sjis-mac-sizet-underflow
**Contact:** https://fereidani.com/contact

## Description

The `mb_get_substr()` function in `ext/mbstring/mbstring.c`
deliberately skips an early empty return guard for the `SJIS-mac`
encoding when `from >= in_len`. As a result, it falls...

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `FILTER_SANITIZE_ENCODED` uninitialized read

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-filtersanitizeencoded-uninitialized-read
**Contact:** https://fereidani.com/contact

## Description

In `ext/filter/sanitizing_filters.c`, the `php_filter_encode_url`
function leaves the `255`th byte (`0xFF`) of a transient array
uninitialized. An array of 256 bytes is populated...

Posted by Alessandro Bertoldi BCS via Fulldisclosure on Jun 20

CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure

CVE ID: CVE-2025-68624
Status: DISPUTED
CWE: CWE-290 (Authentication Bypass by Spoofing)
Affected Product: N-able Mail Assure (formerly SolarWinds MSP Mail Assure)
Affected Service: N-able Mail Assure cloud-based multi-tenant SMTP relay infrastructure
Vendor: N-able Technologies
Initial Discovery: October 2018
Public Disclosure: November 2025, DeepSec Vienna...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260615-1 >
=======================================================================
title: Multiple Vulnerabilities
          product: Wertheim SafeController Hardware for VAULT ROOMS
(Safe Deposit Locker System – Microcontroller)
vulnerable version: Controller 65000 - AssemblyVersion 6.11.8130.22319
                    Controller...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260615-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Wertheim SafeController Software for VAULT ROOMS
(Safe Deposit Locker System)
vulnerable version: AssemblyVersion 6.15.8328.28014
fixed version: No information provided by vendor
CVE number:...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260610-0 >
=======================================================================
title: Local Privilege Escalation
product: Slate Digital Connect (macOS)
 vulnerable version: 1.37.0
fixed version: -
CVE number: CVE-2026-24066, CVE-2026-24067
             impact: high
homepage:...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 08

SEC Consult Vulnerability Lab Security Advisory < 20260608-0 >
=======================================================================
title: Privilege Escalation via Binary Planting
            product: Genetec-provided RabbitMQ in multiple Genetec products
vulnerable version: Multiple products, see below.
      fixed version: Multiple products, see below.
CVE number: CVE-2026-25112
           ...

Posted by Moritz Bechler via Fulldisclosure on Jun 08

Advisory ID: SYSS-2026-004
Product: SAP NetWeaver ABAP / SAP_BASIS
Manufacturer: SAP SE
Affected Version(s): SAP_BASIS 700 - 918
Tested Version(s): 7.93 Patch 300
Vulnerability Type: CWE-347: Improper Verification of Cryptographic Signature
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2025-11-06
Solution Date: 2026-02-10...

Posted by Matteo Beccati on Jun 04

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-002
------------------------------------------------------------------------
Date: 2026-06-03
Risk Level: Medium to High
Applications affected: Revive Adserver
Versions...

Posted by Thomas Weber | CyberDanube via Fulldisclosure on May 31

CyberDanube Security Research 20260528-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Mennekes Amtron Series and Smart-T PnC
vulnerable version| 5.22.3
fixed version| 5.33.11-21500
CVE number| CVE-2026-8979, CVE-2026-8980
impact| High
homepage| https://www.mennekes.at/
found|...

Posted by binreaper via Fulldisclosure on May 31

Hi all,

Posting a brief summary of a four-finding disclosure on bmcweb (the OpenBMC HTTP/Redfish web server), which ships in
BMC firmware on most modern enterprise servers — Intel, IBM, HPE, NVIDIA, and various ODMs.

Full timeline and analysis on the blog:

https://binreaper.pages.dev/posts/2026-05-27-bmcweb-disclosure/

## Why bmcweb matters

A Baseboard Management Controller boots before the host CPU, has full control over the server...