❌

Normal view

[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities

9 July 2026 at 05:36

Posted by Matteo Beccati on Jul 08

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-003
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-003
------------------------------------------------------------------------
Date: 2026-06-25
Risk Level: Medium to High
Applications affected: Revive Adserver
Versions...

OPNsense XPATH Injection (CVE-2026-53582)

7 July 2026 at 06:39

Posted by evan on Jul 06

SUMMARY: a stored XPATH injection allows any user with just ca
manager/certificate manager perms to leak any secret key/any value in
config.xml, thus achieving privilege escalation and potentially remote
code execution. this can also likely be chained via csrf and some
clever hiding. see
https://github.com/opnsense/core/security/advisories/GHSA-xww7-76m6-mh2r

== VULN ==
the primary vulnerable sink is here:

$refcount =...

SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+

7 July 2026 at 06:38

Posted by Jan HΓΌber via Fulldisclosure on Jul 06

Authentication Bypass for SafeLine SL6 and SL6+
===============================================

The SafeLine SL6 and SL6+ devices integrated into elevator emergency
intercom systems are
vulnerable to an authentication bypass. This vulnerability allows
attackers to bypass
authentication requirements and access the device's configuration
service via the
Bluetooth Low Energy (BLE) interface. Consequently, an attacker within
wireless range...

Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties

2 July 2026 at 18:40

Posted by Red Nanaki via Fulldisclosure on Jul 02

Whistleblowersoftware.com: confidentiality and anonymity leakage to third
parties

## Summary

The anonymous reporting flow on `whistleblowersoftware.com` encrypts report
text end-to-end in the browser but does not extend the same guarantee to
attachments and exposes the reporter's network identity and timing to a US-based
third party. Together these weaken the confidentiality and anonymity
properties the platform is expected to provide.

##...

OpenBlow Multiple Deanonymization Vulnerabilities

2 July 2026 at 18:40

Posted by Red Nanaki via Fulldisclosure on Jul 02

OpenBlow Multiple Deanonymization Vulnerabilities

Summary

A production deployment was observed (HTTP archive of a full, real whistleblower
submission) to route its anonymous reporting flow through Google. The intake
CAPTCHA is Google reCAPTCHA, enforced as a mandatory, server-validated gate
on report submission, and the UI additionally pulls a web font from
fonts.gstatic.com. As a result, every prospective whistleblower's browser
makes...

Whistlelink: Site-access password exposed in web server access logs via GET query string

2 July 2026 at 18:40

Posted by Red Nanaki via Fulldisclosure on Jul 02

Whistlelink: Site-access password exposed in web server access logs via GET
query string

Severity: CRITICAL

SUMMARY

The Whistlelink reporting portal protects optionally-enabled, password-gated
whistleblowing sites with a site-access password. When a visitor unlocks such a
site, the client validates the password by issuing an HTTP GET request that
carries the password as a URL query-string parameter:

GET...

APPLE-SA-06-29-2026-3 Safari 26.5.2

2 July 2026 at 18:25

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-3 Safari 26.5.2

Safari 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127685.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Web Extensions
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious web extension may be able to cause an...

APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2

2 July 2026 at 18:25

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2

macOS Tahoe 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127595.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IOGPUFamily
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination...

APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2

2 July 2026 at 18:25

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2

iOS 26.5.2 and iPadOS 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127594.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IOGPUFamily
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later,...

pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root

2 July 2026 at 18:25

Posted by Greg via Fulldisclosure on Jul 02

1. Advisory information
-----------------------
Title: Symlink following and TOCTOU in pwnlift upload handler allow arbitrary file write as root
Advisory: https://github.com/GregDurys/security-advisories
GHSA: GHSA-2v7v-rhpw-m9w4
CVE: CVE-2026-56815
Class: CWE-59 (Improper Link Resolution Before File Access),
CWE-367 (Time-of-check Time-of-use Race Condition)
CVSS: 7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date: 2026-06-27...

[KIS-2026-12] Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability

2 July 2026 at 18:22

Posted by Egidio Romano on Jul 02

---------------------------------------------------------------------
Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability
---------------------------------------------------------------------

[-] Software Link:

https://control-webpanel.com

[-] Affected Versions:

Version 0.9.8.1224 and prior versions.

[-] Vulnerability Description:

User input passed through the "userRes" POST parameter to...

[fulldis] CVE-2026-58451 - Horde Groupware IMP path traversal vuln

2 July 2026 at 18:22

Posted by γ…€evan via Fulldisclosure on Jul 02

this is my first time sending to a mailing list so ive chosen
something easy. here goes:

Summary: Horde Groupware’s IMP Webmail solution contains a path
traversal/local file inclusion vulnerability which could be exploited
to escalate privileges or bypass authentication (through CSRF if
unauthenticated).

the vulnerability is in here:

} elseif (strcasecmp($node->tagName, 'IMG') === 0) {
/* Check for smileys. They...

Samsung Galaxy Buds – Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption (Vendor Response: Working as Intended)

2 July 2026 at 18:12

Posted by 490h3fqwomf via Fulldisclosure on Jul 02

Hello Full Disclosure,

The following publicly available research describes a Bluetooth attack against Samsung Galaxy Buds that leverages
connection arbitration behavior between HFP and A2DP profiles to preempt an active audio session.

Title:

Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption
Exploiting Seamless Earbud Connection Arbitration to Bypass Pairing Trust Boundaries

According to the published research, an attacker within...

Asterisk Security Release 23.4.1

2 July 2026 at 18:10

Posted by Asterisk Development Team via Fulldisclosure on Jul 02

The Asterisk Development Team would like to announce security release
Asterisk 23.4.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.4.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.4.1

## Change Log for Release asterisk-23.4.1

### Links:

- [Full ChangeLog](...

Asterisk Security Release 22.10.1

2 July 2026 at 18:10

Posted by Asterisk Development Team via Fulldisclosure on Jul 02

The Asterisk Development Team would like to announce security release
Asterisk 22.10.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.10.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.10.1

## Change Log for Release asterisk-22.10.1

### Links:

- [Full ChangeLog](...
❌