Reading view

[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities

Posted by Matteo Beccati on Jul 08

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-003
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-003
------------------------------------------------------------------------
Date: 2026-06-25
Risk Level: Medium to High
Applications affected: Revive Adserver
Versions...
  •  

OPNsense XPATH Injection (CVE-2026-53582)

Posted by evan on Jul 06

SUMMARY: a stored XPATH injection allows any user with just ca
manager/certificate manager perms to leak any secret key/any value in
config.xml, thus achieving privilege escalation and potentially remote
code execution. this can also likely be chained via csrf and some
clever hiding. see
https://github.com/opnsense/core/security/advisories/GHSA-xww7-76m6-mh2r

== VULN ==
the primary vulnerable sink is here:

$refcount =...
  •  

SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+

Posted by Jan Hüber via Fulldisclosure on Jul 06

Authentication Bypass for SafeLine SL6 and SL6+
===============================================

The SafeLine SL6 and SL6+ devices integrated into elevator emergency
intercom systems are
vulnerable to an authentication bypass. This vulnerability allows
attackers to bypass
authentication requirements and access the device's configuration
service via the
Bluetooth Low Energy (BLE) interface. Consequently, an attacker within
wireless range...
  •  

Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties

Posted by Red Nanaki via Fulldisclosure on Jul 02

Whistleblowersoftware.com: confidentiality and anonymity leakage to third
parties

## Summary

The anonymous reporting flow on `whistleblowersoftware.com` encrypts report
text end-to-end in the browser but does not extend the same guarantee to
attachments and exposes the reporter's network identity and timing to a US-based
third party. Together these weaken the confidentiality and anonymity
properties the platform is expected to provide.

##...
  •  

OpenBlow Multiple Deanonymization Vulnerabilities

Posted by Red Nanaki via Fulldisclosure on Jul 02

OpenBlow Multiple Deanonymization Vulnerabilities

Summary

A production deployment was observed (HTTP archive of a full, real whistleblower
submission) to route its anonymous reporting flow through Google. The intake
CAPTCHA is Google reCAPTCHA, enforced as a mandatory, server-validated gate
on report submission, and the UI additionally pulls a web font from
fonts.gstatic.com. As a result, every prospective whistleblower's browser
makes...
  •  

Whistlelink: Site-access password exposed in web server access logs via GET query string

Posted by Red Nanaki via Fulldisclosure on Jul 02

Whistlelink: Site-access password exposed in web server access logs via GET
query string

Severity: CRITICAL

SUMMARY

The Whistlelink reporting portal protects optionally-enabled, password-gated
whistleblowing sites with a site-access password. When a visitor unlocks such a
site, the client validates the password by issuing an HTTP GET request that
carries the password as a URL query-string parameter:

GET...
  •  

APPLE-SA-06-29-2026-3 Safari 26.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-3 Safari 26.5.2

Safari 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127685.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Web Extensions
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious web extension may be able to cause an...
  •  

APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2

macOS Tahoe 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127595.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IOGPUFamily
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination...
  •  

APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2

iOS 26.5.2 and iPadOS 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127594.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IOGPUFamily
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later,...
  •  

pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root

Posted by Greg via Fulldisclosure on Jul 02

1. Advisory information
-----------------------
Title: Symlink following and TOCTOU in pwnlift upload handler allow arbitrary file write as root
Advisory: https://github.com/GregDurys/security-advisories
GHSA: GHSA-2v7v-rhpw-m9w4
CVE: CVE-2026-56815
Class: CWE-59 (Improper Link Resolution Before File Access),
CWE-367 (Time-of-check Time-of-use Race Condition)
CVSS: 7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date: 2026-06-27...
  •  

[KIS-2026-12] Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability

Posted by Egidio Romano on Jul 02

---------------------------------------------------------------------
Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability
---------------------------------------------------------------------

[-] Software Link:

https://control-webpanel.com

[-] Affected Versions:

Version 0.9.8.1224 and prior versions.

[-] Vulnerability Description:

User input passed through the "userRes" POST parameter to...
  •  

[fulldis] CVE-2026-58451 - Horde Groupware IMP path traversal vuln

Posted by ㅤevan via Fulldisclosure on Jul 02

this is my first time sending to a mailing list so ive chosen
something easy. here goes:

Summary: Horde Groupware’s IMP Webmail solution contains a path
traversal/local file inclusion vulnerability which could be exploited
to escalate privileges or bypass authentication (through CSRF if
unauthenticated).

the vulnerability is in here:

} elseif (strcasecmp($node->tagName, 'IMG') === 0) {
/* Check for smileys. They...
  •  

Samsung Galaxy Buds – Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption (Vendor Response: Working as Intended)

Posted by 490h3fqwomf via Fulldisclosure on Jul 02

Hello Full Disclosure,

The following publicly available research describes a Bluetooth attack against Samsung Galaxy Buds that leverages
connection arbitration behavior between HFP and A2DP profiles to preempt an active audio session.

Title:

Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption
Exploiting Seamless Earbud Connection Arbitration to Bypass Pairing Trust Boundaries

According to the published research, an attacker within...
  •  

Asterisk Security Release 23.4.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 02

The Asterisk Development Team would like to announce security release
Asterisk 23.4.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.4.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.4.1

## Change Log for Release asterisk-23.4.1

### Links:

- [Full ChangeLog](...
  •  

Asterisk Security Release 22.10.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 02

The Asterisk Development Team would like to announce security release
Asterisk 22.10.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.10.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.10.1

## Change Log for Release asterisk-22.10.1

### Links:

- [Full ChangeLog](...
  •  

OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read

Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label
Stack Over-read
------------------------------------------------------------------------

Affected:  OpenBSD -current prior to 2026-06-18 (fixed in -current)
Vendor:    OpenBSD
Severity:  Medium
Reporter:  Argus Systems
Date:      2026-06-12
CVE:       CVE-2026-56099

1. SUMMARY
==========

The...
  •  

OpenBSD sppp_pap_input: PAP authentication bypass

Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD sppp_pap_input: PAP Authentication Bypass via Zero-Length bcmp
------------------------------------------------------------------------

Affected:  OpenBSD all versions through 7.6 (fixed in -current)
Vendor:    OpenBSD
Severity:  High
Reporter:  Argus
Date:      2026-06-16

1. SUMMARY
==========

The sppp_pap_input() function in sys/net/if_spppsubr.c uses...
  •  

SEC Consult SA-20260618-0 :: Hardcoded Root Cloud Credentials in Application Binaries in Silver Leaf Technologies - Worksnaps.net Worksnaps

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260618-0 >
=======================================================================
title: Hardcoded Root Cloud Credentials in Application Binaries
product: Silver Leaf Technologies - Worksnaps.net Worksnaps
vulnerable version: <1.6.20260201
      fixed version: 1.6.20260201
         CVE number: CVE-2025-10560
impact: critical...
  •  

SEC Consult SA-20260617-1 :: Multiple Vulnerabilities in Quanos Content Solutions - SCHEMA ST4

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260617-1 >
=======================================================================
title: Multiple Vulnerabilities
            product: Quanos Content Solutions - SCHEMA ST4
 vulnerable version: All versions of SCHEMA ST4 on-premises
    fixed version: Not applicable, see workaround section for mitigation.
CVE number: CVE-2026-11857, CVE-2026-11858...
  •  

SEC Consult SA-20260617-0 :: Multiple Critical Vulnerabilities in Sprecher Automation SPRECON-E-C/-E-P/-E-T3

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260617-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Sprecher Automation SPRECON-E-C/-E-P/-E-T3
 vulnerable version: See vulnerable versions below
fixed version: See solution section below
         CVE number: CVE-2022-4333, CVE-2022-4332, CVE-2025-41741,
       ...
  •  
❌