❌

Reading view

[NotCVE-2026-0001] Cloudflare Universal SSL CAA augmentation weakens RFC 8657 account binding β€” CVE-2026-14440 assigned 163 days after public no-CVE disclosure

Posted by NotCVE Advisories on Jul 15

----------------------------------------------------------------------------
NotCVE Disclosure Update β€” NotCVE-2026-0001 / CVE-2026-14440
----------------------------------------------------------------------------

[-] Summary:

On 2026-01-19 the issue described below was published as NotCVE-2026-0001
after no CVE identifier was assigned for it. On 2026-07-01 β€” 163 days
later β€” Cloudflare assigned CVE-2026-14440 to the same issue, now...
  •  

Subject: Advisory Submission: EZ Game Booster - Cleartext Storage of Sensitive Credentials (CWE-312)

Posted by AliReza on Jul 15

# Exploit Title: EZ Game Booster v1.0.0 - Cleartext Credentials in user.config
# Date: 2026-07-16
# Exploit Author: Alireza Chegini
# Vendor Homepage: https://ezsystemrepairs.com
# Software Link: https://ezsystemrepairs.com (Free version available)
# Version: 1.0.0 (v2.0 exists but not tested - paid license required)
# Tested on: Windows 10 / Windows 11
# CVE: Pending
============================================================

1. Description...
  •  

CVE-2026-56877 - Skillable SCORM userId authorisation bypass

Posted by Greg via Fulldisclosure on Jul 15

Skillable's SCORM lab launch endpoint validates a launch token but
enforces per-user allocation limits using a browser-supplied userId
that is not bound to the validated token. An authenticated learner
can modify this identifier to bypass configured limits, launch
concurrent lab instances, and consume another learner's allocation.
Skillable states that no fix is planned for the legacy SCORM launch
path. CVE-2026-56877 was assigned by...
  •  

[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities

Posted by Matteo Beccati on Jul 08

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-003
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-003
------------------------------------------------------------------------
Date: 2026-06-25
Risk Level: Medium to High
Applications affected: Revive Adserver
Versions...
  •  

OPNsense XPATH Injection (CVE-2026-53582)

Posted by evan on Jul 06

SUMMARY: a stored XPATH injection allows any user with just ca
manager/certificate manager perms to leak any secret key/any value in
config.xml, thus achieving privilege escalation and potentially remote
code execution. this can also likely be chained via csrf and some
clever hiding. see
https://github.com/opnsense/core/security/advisories/GHSA-xww7-76m6-mh2r

== VULN ==
the primary vulnerable sink is here:

$refcount =...
  •  

SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+

Posted by Jan HΓΌber via Fulldisclosure on Jul 06

Authentication Bypass for SafeLine SL6 and SL6+
===============================================

The SafeLine SL6 and SL6+ devices integrated into elevator emergency
intercom systems are
vulnerable to an authentication bypass. This vulnerability allows
attackers to bypass
authentication requirements and access the device's configuration
service via the
Bluetooth Low Energy (BLE) interface. Consequently, an attacker within
wireless range...
  •  
❌