❌

Reading view

[NotCVE-2026-0001] Cloudflare Universal SSL CAA augmentation weakens RFC 8657 account binding β€” CVE-2026-14440 assigned 163 days after public no-CVE disclosure

Posted by NotCVE Advisories on Jul 15

----------------------------------------------------------------------------
NotCVE Disclosure Update β€” NotCVE-2026-0001 / CVE-2026-14440
----------------------------------------------------------------------------

[-] Summary:

On 2026-01-19 the issue described below was published as NotCVE-2026-0001
after no CVE identifier was assigned for it. On 2026-07-01 β€” 163 days
later β€” Cloudflare assigned CVE-2026-14440 to the same issue, now...
  •  

Subject: Advisory Submission: EZ Game Booster - Cleartext Storage of Sensitive Credentials (CWE-312)

Posted by AliReza on Jul 15

# Exploit Title: EZ Game Booster v1.0.0 - Cleartext Credentials in user.config
# Date: 2026-07-16
# Exploit Author: Alireza Chegini
# Vendor Homepage: https://ezsystemrepairs.com
# Software Link: https://ezsystemrepairs.com (Free version available)
# Version: 1.0.0 (v2.0 exists but not tested - paid license required)
# Tested on: Windows 10 / Windows 11
# CVE: Pending
============================================================

1. Description...
  •  

CVE-2026-56877 - Skillable SCORM userId authorisation bypass

Posted by Greg via Fulldisclosure on Jul 15

Skillable's SCORM lab launch endpoint validates a launch token but
enforces per-user allocation limits using a browser-supplied userId
that is not bound to the validated token. An authenticated learner
can modify this identifier to bypass configured limits, launch
concurrent lab instances, and consume another learner's allocation.
Skillable states that no fix is planned for the legacy SCORM launch
path. CVE-2026-56877 was assigned by...
  •  

[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities

Posted by Matteo Beccati on Jul 08

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-003
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-003
------------------------------------------------------------------------
Date: 2026-06-25
Risk Level: Medium to High
Applications affected: Revive Adserver
Versions...
  •  

OPNsense XPATH Injection (CVE-2026-53582)

Posted by evan on Jul 06

SUMMARY: a stored XPATH injection allows any user with just ca
manager/certificate manager perms to leak any secret key/any value in
config.xml, thus achieving privilege escalation and potentially remote
code execution. this can also likely be chained via csrf and some
clever hiding. see
https://github.com/opnsense/core/security/advisories/GHSA-xww7-76m6-mh2r

== VULN ==
the primary vulnerable sink is here:

$refcount =...
  •  

SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+

Posted by Jan HΓΌber via Fulldisclosure on Jul 06

Authentication Bypass for SafeLine SL6 and SL6+
===============================================

The SafeLine SL6 and SL6+ devices integrated into elevator emergency
intercom systems are
vulnerable to an authentication bypass. This vulnerability allows
attackers to bypass
authentication requirements and access the device's configuration
service via the
Bluetooth Low Energy (BLE) interface. Consequently, an attacker within
wireless range...
  •  

Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties

Posted by Red Nanaki via Fulldisclosure on Jul 02

Whistleblowersoftware.com: confidentiality and anonymity leakage to third
parties

## Summary

The anonymous reporting flow on `whistleblowersoftware.com` encrypts report
text end-to-end in the browser but does not extend the same guarantee to
attachments and exposes the reporter's network identity and timing to a US-based
third party. Together these weaken the confidentiality and anonymity
properties the platform is expected to provide.

##...
  •  

OpenBlow Multiple Deanonymization Vulnerabilities

Posted by Red Nanaki via Fulldisclosure on Jul 02

OpenBlow Multiple Deanonymization Vulnerabilities

Summary

A production deployment was observed (HTTP archive of a full, real whistleblower
submission) to route its anonymous reporting flow through Google. The intake
CAPTCHA is Google reCAPTCHA, enforced as a mandatory, server-validated gate
on report submission, and the UI additionally pulls a web font from
fonts.gstatic.com. As a result, every prospective whistleblower's browser
makes...
  •  

Whistlelink: Site-access password exposed in web server access logs via GET query string

Posted by Red Nanaki via Fulldisclosure on Jul 02

Whistlelink: Site-access password exposed in web server access logs via GET
query string

Severity: CRITICAL

SUMMARY

The Whistlelink reporting portal protects optionally-enabled, password-gated
whistleblowing sites with a site-access password. When a visitor unlocks such a
site, the client validates the password by issuing an HTTP GET request that
carries the password as a URL query-string parameter:

GET...
  •  

APPLE-SA-06-29-2026-3 Safari 26.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-3 Safari 26.5.2

Safari 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127685.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Web Extensions
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious web extension may be able to cause an...
  •  

APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2

macOS Tahoe 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127595.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IOGPUFamily
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination...
  •  

APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2

Posted by Apple Product Security via Fulldisclosure on Jul 02

APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2

iOS 26.5.2 and iPadOS 26.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127594.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IOGPUFamily
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later,...
  •  

pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root

Posted by Greg via Fulldisclosure on Jul 02

1. Advisory information
-----------------------
Title: Symlink following and TOCTOU in pwnlift upload handler allow arbitrary file write as root
Advisory: https://github.com/GregDurys/security-advisories
GHSA: GHSA-2v7v-rhpw-m9w4
CVE: CVE-2026-56815
Class: CWE-59 (Improper Link Resolution Before File Access),
CWE-367 (Time-of-check Time-of-use Race Condition)
CVSS: 7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date: 2026-06-27...
  •  

[KIS-2026-12] Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability

Posted by Egidio Romano on Jul 02

---------------------------------------------------------------------
Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability
---------------------------------------------------------------------

[-] Software Link:

https://control-webpanel.com

[-] Affected Versions:

Version 0.9.8.1224 and prior versions.

[-] Vulnerability Description:

User input passed through the "userRes" POST parameter to...
  •  

[fulldis] CVE-2026-58451 - Horde Groupware IMP path traversal vuln

Posted by γ…€evan via Fulldisclosure on Jul 02

this is my first time sending to a mailing list so ive chosen
something easy. here goes:

Summary: Horde Groupware’s IMP Webmail solution contains a path
traversal/local file inclusion vulnerability which could be exploited
to escalate privileges or bypass authentication (through CSRF if
unauthenticated).

the vulnerability is in here:

} elseif (strcasecmp($node->tagName, 'IMG') === 0) {
/* Check for smileys. They...
  •  

Samsung Galaxy Buds – Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption (Vendor Response: Working as Intended)

Posted by 490h3fqwomf via Fulldisclosure on Jul 02

Hello Full Disclosure,

The following publicly available research describes a Bluetooth attack against Samsung Galaxy Buds that leverages
connection arbitration behavior between HFP and A2DP profiles to preempt an active audio session.

Title:

Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption
Exploiting Seamless Earbud Connection Arbitration to Bypass Pairing Trust Boundaries

According to the published research, an attacker within...
  •  

Asterisk Security Release 23.4.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 02

The Asterisk Development Team would like to announce security release
Asterisk 23.4.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.4.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.4.1

## Change Log for Release asterisk-23.4.1

### Links:

- [Full ChangeLog](...
  •  

Asterisk Security Release 22.10.1

Posted by Asterisk Development Team via Fulldisclosure on Jul 02

The Asterisk Development Team would like to announce security release
Asterisk 22.10.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.10.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.10.1

## Change Log for Release asterisk-22.10.1

### Links:

- [Full ChangeLog](...
  •  

OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read

Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label
Stack Over-read
------------------------------------------------------------------------

Affected:Β  OpenBSD -current prior to 2026-06-18 (fixed in -current)
Vendor:Β  Β  OpenBSD
Severity:Β  Medium
Reporter:Β  Argus Systems
Date:Β  Β  Β  2026-06-12
CVE:Β  Β  Β  Β CVE-2026-56099

1. SUMMARY
==========

The...
  •  

OpenBSD sppp_pap_input: PAP authentication bypass

Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD sppp_pap_input: PAP Authentication Bypass via Zero-Length bcmp
------------------------------------------------------------------------

Affected:Β  OpenBSD all versions through 7.6 (fixed in -current)
Vendor:Β  Β  OpenBSD
Severity:Β  High
Reporter:Β  Argus
Date:Β  Β  Β  2026-06-16

1. SUMMARY
==========

The sppp_pap_input() function in sys/net/if_spppsubr.c uses...
  •  
❌