Full Disclosure
CyberDanube Security Research 20251215-0 | Multiple Vulnerabilities in Phoenix Contact FL Switch Series
December 18^th 2025 at 06:52

CyberDanube Security Research 20251215-0 | Multiple Vulnerabilities in Phoenix Contact FL Switch Series

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 17

CyberDanube Security Research 20251215-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| FL Switch
vulnerable version| 3.40
fixed version| TODO
CVE number| CVE-2025-41692, CVE-2025-41693, CVE-2025-41694,
| CVE-2025-41695, CVE-2025-41696, CVE-2025-41697,
| CVE-2025-41745,...

🏷️ My labels
- ❌
December 18^th 2025 at 06:52

Full Disclosure
[KIS-2025-09] Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability
December 18^th 2025 at 06:52

[KIS-2025-09] Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability

Posted by Egidio Romano on Dec 17

------------------------------------------------------------------------------------
Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection
Vulnerability
------------------------------------------------------------------------------------

[-] Software Link:

https://control-webpanel.com

[-] Affected Versions:

Version 0.9.8.1208 and prior versions.

[-] Vulnerability Description:

User input passed via the "key" GET...

🏷️ My labels
- ❌
December 18^th 2025 at 06:52

Full Disclosure
Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking
December 18^th 2025 at 06:52

Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking

Posted by LRKTBEYK LRKTBEYK on Dec 17

I tried to report these vulnerabilities to ImmuneFi, but they closed it
(report 62070) as "out of scope." I believe them when they tell me
something is out of scope, so now it's public.

https://github.com/raydium-io/raydium-cp-swap/pull/62

These vulnerabilities collectively enable fee theft, creator fee hijacking,
and potential user exploitation through uncapped fee rates. Issue #3 allows
attackers to steal all creator fees from...

🏷️ My labels
- ❌
December 18^th 2025 at 06:52

Full Disclosure
[CFP] Security BSidesLjubljana 0x7EA | March 13, 2026
December 18^th 2025 at 06:51

[CFP] Security BSidesLjubljana 0x7EA | March 13, 2026

Posted by Andraz Sraka on Dec 17

MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM
MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...

🏷️ My labels
- ❌
December 18^th 2025 at 06:51

Full Disclosure
[KIS-2025-08] 1C-Bitrix <= 25.100.500 (Translate Module) Remote Code Execution Vulnerability
December 16^th 2025 at 05:19

[KIS-2025-08] 1C-Bitrix <= 25.100.500 (Translate Module) Remote Code Execution Vulnerability

Posted by Egidio Romano on Dec 15

------------------------------------------------------------------------------
1C-Bitrix <= 25.100.500 (Translate Module) Remote Code Execution Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

https://www.1c-bitrix.ru

[-] Affected Versions:

Version 25.100.500 and prior versions.

[-] Vulnerability Description:

The vulnerability is located within the "Translate...

🏷️ My labels
- ❌
December 16^th 2025 at 05:19

Full Disclosure
[KIS-2025-07] Bitrix24 <= 25.100.300 (Translate Module) Remote Code Execution Vulnerability
December 16^th 2025 at 05:19

[KIS-2025-07] Bitrix24 <= 25.100.300 (Translate Module) Remote Code Execution Vulnerability

Posted by Egidio Romano on Dec 15

-----------------------------------------------------------------------------
Bitrix24 <= 25.100.300 (Translate Module) Remote Code Execution Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

https://www.bitrix24.com

[-] Affected Versions:

Version 25.100.300 and prior versions.

[-] Vulnerability Description:

The vulnerability is located within the "Translate Module",...

🏷️ My labels
- ❌
December 16^th 2025 at 05:19

Full Disclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality
December 16^th 2025 at 05:19

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality

Posted by Onur Tezcan via Fulldisclosure on Dec 15

[Attack Vectors]
> It was identified Cross-Site Request Forgery (CSRF) vulnerability on the "Run now" button of Schedule tasks
functionality. Exploiting this vulnerability, an attacker can run a scheduled task without the victim users consent or
knowledge.

Assigned CVE code:
> CVE-2025-65593

[Discoverer]
> AlterSec t/a PenTest.NZ

🏷️ My labels
- ❌
December 16^th 2025 at 05:19

Full Disclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality
December 16^th 2025 at 05:19

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality

Posted by Onur Tezcan via Fulldisclosure on Dec 15

[Attack Vectors]
> It was detected that multiple Stored Cross-Site Scripting (Stored XSS) vulnerabilities in the product
management functionality. Malicious JavaScript payloads inserted into the "Product Name" and "Short Description" fields
are stored in the backend database and executed automatically whenever a user (administrator or customer) views the
affected pages.

Assigned CVE code:
...

🏷️ My labels
- ❌
December 16^th 2025 at 05:19

Full Disclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.
December 16^th 2025 at 05:19

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.

Posted by Onur Tezcan via Fulldisclosure on Dec 15

[Attack Vectors]
> It was detected that a Stored XSS vulnerability on the "Currencies" functionality, specifically on the
following input field: "Configuration > Currencies > Edit one of the currencies > "Custom formatting" input field.
After saving the payload, the vulnerability can be triggered by visiting the following pages:
- Bestsellers,
- "Sales" > "Orders"...

🏷️ My labels
- ❌
December 16^th 2025 at 05:19

Full Disclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area
December 16^th 2025 at 05:19

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area

Posted by Onur Tezcan via Fulldisclosure on Dec 15

[Attack Vectors]
> It was detected that a Stored XSS vulnerability in the "Content Management" > "Blog posts" area. Malicious
HTML/JavaScript added to the Body overview field of a blog post is stored in the backend and executes when the blog
page is visited (http://localhost/blog/)

Assigned CVE code:
> CVE-2025-65590

[Discoverer]
> AlterSec t/a PenTest.NZ

🏷️ My labels
- ❌
December 16^th 2025 at 05:19

Full Disclosure
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality
December 16^th 2025 at 05:19

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality

Posted by Onur Tezcan via Fulldisclosure on Dec 15

[Attack Vectors]
> It was detected that a Stored XSS vulnerability in the Attributes management workflow. An attacker can insert
JavaScript into the Name field when adding a new Attribute Group (Catalog > Attributes > Specification attributes > Add
Group > Name input field). To exploit the vulnerability, privileged users should visit the "Specification attributes
page.

Assigned CVE code:
>...

🏷️ My labels
- ❌
December 16^th 2025 at 05:19

Full Disclosure
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)
December 16^th 2025 at 05:18

Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Yuffie Kisaragi via Fulldisclosure on Dec 15

UPDATE:

The reported vulnerabilities have now been assigned CVE identifiers:
CVE-2025-34411: https://www.cve.org/cverecord?id=CVE-2025-34411
[https://www.cve.org/cverecord?id=CVE-2025-34411]
CVE-2025-34412: https://www.cve.org/cverecord?id=CVE-2025-34412
[https://www.cve.org/cverecord?id=CVE-2025-34412]

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

Full Disclosure
APPLE-SA-12-12-2025-9 Safari 26.2
December 16^th 2025 at 05:18

APPLE-SA-12-12-2025-9 Safari 26.2

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-12-12-2025-9 Safari 26.2

Safari 26.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125892.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Safari
Available for: macOS Sonoma and macOS Sequoia
Impact: On a Mac with Lockdown Mode enabled, web content opened via a
file URL may...

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

APPLE-SA-12-12-2025-8 visionOS 26.2

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-12-12-2025-8 visionOS 26.2

visionOS 26.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125891.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

App Store
Available for: Apple Vision Pro (all models)
Impact: An app may be able to access sensitive payment tokens
Description: A...

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

APPLE-SA-12-12-2025-7 watchOS 26.2

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-12-12-2025-7 watchOS 26.2

watchOS 26.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125890.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

App Store
Available for: Apple Watch Series 6 and later
Impact: An app may be able to access sensitive payment tokens
Description: A...

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

Full Disclosure
APPLE-SA-12-12-2025-6 tvOS 26.2
December 16^th 2025 at 05:18

APPLE-SA-12-12-2025-6 tvOS 26.2

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-12-12-2025-6 tvOS 26.2

tvOS 26.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125889.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a file may lead to memory corruption
Description: The...

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

Full Disclosure
APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3
December 16^th 2025 at 05:18

APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-12-12-2025-5 macOS Sonoma 14.8.3

macOS Sonoma 14.8.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125888.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: macOS Sonoma
Impact: Processing a file may lead to memory corruption
Description: The issue was...

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

Full Disclosure
APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3
December 16^th 2025 at 05:18

APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-12-12-2025-4 macOS Sequoia 15.7.3

macOS Sequoia 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125887.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: macOS Sequoia
Impact: Processing a file may lead to memory corruption
Description: The issue...

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

APPLE-SA-12-12-2025-3 macOS Tahoe 26.2

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-12-12-2025-3 macOS Tahoe 26.2

macOS Tahoe 26.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125886.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

App Store
Available for: macOS Tahoe
Impact: An app may be able to access sensitive payment tokens
Description: A permissions...

🏷️ My labels
- ❌
December 16^th 2025 at 05:18

Full Disclosure
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)
December 5^th 2025 at 18:02

Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Yuffie Kisaragi via Fulldisclosure on Dec 05

Advisory ID: CONVERCENT-2025-001
Title: Multiple Security Misconfigurations and Customer Enumeration Exposure in
Convercent Whistleblowing Platform (EQS Group)
Date: 2025-12-04
Vendor: EQS Group
Product: Convercent Whistleblowing Platform (app.convercent.com)
Severity: Critical
CVSS v4.0 Base Score: 9.3
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Summary

A series of security weaknesses were identified in the Convercent...

🏷️ My labels
- ❌
December 5^th 2025 at 18:02

Full Disclosure
8 vulnerabilities in AudioCodes Fax/IVR Appliance
December 2^nd 2025 at 05:29

8 vulnerabilities in AudioCodes Fax/IVR Appliance

Posted by Pierre Kim on Dec 01

## Advisory Information

Title: 8 vulnerabilities in AudioCodes Fax/IVR Appliance
Advisory URL: https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt
Blog URL: https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html
Date published: 2025-11-20
Vendors contacted: Audiocodes
Release mode: Released
CVE: CVE-2025-34328, CVE-2025-34329, CVE-2025-34330, CVE-2025-34331,
CVE-2025-34332, CVE-2025-34333,...

🏷️ My labels
- ❌
December 2^nd 2025 at 05:29

Full Disclosure
2 vulnerabilities in Egovframe
December 2^nd 2025 at 05:29

2 vulnerabilities in Egovframe

Posted by Pierre Kim on Dec 01

## Advisory Information

Title: 2 vulnerabilities in Egovframe
Advisory URL: https://pierrekim.github.io/advisories/2025-egovframe.txt
Blog URL: https://pierrekim.github.io/blog/2025-11-20-egovframe-2-vulnerabilities.html
Date published: 2025-11-20
Vendors contacted: KISA/KrCERT
Release mode: Released
CVE: CVE-2025-34336, CVE-2025-34337

## Product description

Egovframe is a Java-based framework mainly used in the websites of the
Government of...

🏷️ My labels
- ❌
December 2^nd 2025 at 05:29

Full Disclosure
[REVIVE-SA-2025-005] Revive Adserver Vulnerability
December 2^nd 2025 at 05:28

[REVIVE-SA-2025-005] Revive Adserver Vulnerability

Posted by Matteo Beccati on Dec 01

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-005
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-005
------------------------------------------------------------------------
Date: 2025-11-26
Risk Level: Medium
Applications affected: Revive...

🏷️ My labels
- ❌
December 2^nd 2025 at 05:28

Full Disclosure
Missing Critical Security Headers in Legality WHISTLEBLOWING
December 2^nd 2025 at 05:27

Missing Critical Security Headers in Legality WHISTLEBLOWING

Posted by Aerith Gainsborough via Fulldisclosure on Dec 01

Advisory ID: LEGALITYWHISTLEBLOWING-2025-001
Title: Missing Critical Security Headers in Legality WHISTLEBLOWING
Date: 2025-11-29
Vendor: DigitalPA (segnalazioni.net)
Severity: High
CVSS v3.1 Base Score: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Summary:

Multiple public deployments of Legality WHISTLEBLOWING by DigitalPA
are missing essential HTTP security headers.
This misconfiguration exposes users to client-side attacks...

🏷️ My labels
- ❌
December 2^nd 2025 at 05:27

Full Disclosure
[REVIVE-SA-2025-004] Revive Adserver Vulnerabilities
November 19^th 2025 at 20:03

[REVIVE-SA-2025-004] Revive Adserver Vulnerabilities

Posted by Matteo Beccati on Nov 19

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-004
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-004
------------------------------------------------------------------------
Date: 2025-11-19
Risk Level: Medium
Applications affected: Revive...

🏷️ My labels
- ❌
November 19^th 2025 at 20:03

Full Disclosure
[REVIVE-SA-2025-003] Revive Adserver Vulnerabilities
November 19^th 2025 at 20:03

[REVIVE-SA-2025-003] Revive Adserver Vulnerabilities

Posted by Matteo Beccati on Nov 19

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-003
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-003
------------------------------------------------------------------------
Date: 2025-11-05
Risk Level: High
Applications affected: Revive...

🏷️ My labels
- ❌
November 19^th 2025 at 20:03

Full Disclosure
[SYSS-2025-059]: Dell computer UEFI boot protection bypass
November 19^th 2025 at 20:03

[SYSS-2025-059]: Dell computer UEFI boot protection bypass

Posted by Micha Borrmann via Fulldisclosure on Nov 19

Advisory ID: SYSS-2025-059
Product: Dell computer
Manufacturer: Dell
Affected Version(s): Probably all Dell computers
Tested Version(s): Latitude 5431 (BIOS 1.33.1),
Latitude 7320 (BIOS 1.44.1),
Latitude 7400 (BIOS 1.41.1),
Latitude 7480 (BIOS 1.41.3),
Latitude 9430 (BIOS...

🏷️ My labels
- ❌
November 19^th 2025 at 20:03

Full Disclosure
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
November 14^th 2025 at 02:03

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

Posted by Patrick via Fulldisclosure on Nov 13

Hello Jan,

You are completely right and it’s something I warned about early, which is abuse of AI-generated sensationalized
headline and fake PoC-s, for fame.

I urge the Full Disclosure staff to look into it.

Discussions with the individual responsible seem to be fruitless, and this likely constitutes abuse of this mailing
list.

Sent from Proton Mail for iOS.

-------- Original Message --------

I looked at few repos and posts of...

🏷️ My labels
- ❌
November 14^th 2025 at 02:03

APPLE-SA-11-13-2025-1 Compressor 4.11.1

Posted by Apple Product Security via Fulldisclosure on Nov 13

APPLE-SA-11-13-2025-1 Compressor 4.11.1

Compressor 4.11.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125693.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Compressor
Available for: macOS Sequoia 15.6 and later
Impact: An unauthenticated user on the same network as a Compressor...

🏷️ My labels
- ❌
November 14^th 2025 at 02:02

Full Disclosure
Re: 83 vulnerabilities in Vasion Print / PrinterLogic
November 14^th 2025 at 02:02

Re: 83 vulnerabilities in Vasion Print / PrinterLogic

Posted by Pierre Kim on Nov 13

No message preview for long message of 668188 bytes.

🏷️ My labels
- ❌
November 14^th 2025 at 02:02

Full Disclosure
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
November 7^th 2025 at 13:49

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

Posted by Joseph Goydish II via Fulldisclosure on Nov 07

Hey Patrick, I understand the doubt.

However… what’s not slop is reproducible logs I provided a video of and the testable, working exploit I provided.

Neither is the upstream patches that can be tracked from the disclosure dates to the cve’s listed in the report.

The exploit was caught in the wild, reversed engineered via log analysis and the logs provided are simply observed
behavior. Please feel free to independently test the...

🏷️ My labels
- ❌
November 7^th 2025 at 13:49

Full Disclosure
Re: : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
November 7^th 2025 at 13:49

Re: : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

Posted by Jan Schermer on Nov 07

I looked at few repos and posts of "Joseph Goydish".
It all seems to be thinly veiled AI slop and BS.
Cited vulns are not attributed to him really and those chains don’t make a lot of sense. Screen recordings look
suspicious, some versions reference High Sierra for some reason (but I can’t find those bits now).

I invite anyone to look at his GH repos and scroll through commit history.
Does this make any sense?...

🏷️ My labels
- ❌
November 7^th 2025 at 13:49

Full Disclosure
runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881
November 7^th 2025 at 13:45

runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881

Posted by Aleksa Sarai via Fulldisclosure on Nov 07

| NOTE: This advisory was sent to <security-announce () opencontainers org>
| on 2025-10-16. If you ship any Open Container Initiative software, we
| highly recommend that you subscribe to our security-announce list in
| order to receive more timely disclosures of future security issues.
| The procedure for subscribing to security-announce is outlined here:
| <...

🏷️ My labels
- ❌
November 7^th 2025 at 13:45

Full Disclosure
OXAS-ADV-2025-0002: OX App Suite Security Advisory
November 7^th 2025 at 13:45

OXAS-ADV-2025-0002: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Nov 07

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2025/oxas-adv-2025-0002.html.

Yours sincerely,
Martin Heiland, Open-Xchange...

🏷️ My labels
- ❌
November 7^th 2025 at 13:45

Full Disclosure
APPLE-SA-11-05-2025-1 iOS 18.7.2 and iPadOS 18.7.2
November 7^th 2025 at 13:44

APPLE-SA-11-05-2025-1 iOS 18.7.2 and iPadOS 18.7.2