Exploit-DB Updates

[webapps] motionEye 0.43.1b4 - RCE

motionEye 0.43.1b4 - RCE

Exploit-DB Updates

[local] glibc 2.38 - Buffer Overflow

glibc 2.38 - Buffer Overflow

Exploit-DB Updates

[remote] Windows 10.0.17763.7009 - spoofing vulnerability

Windows 10.0.17763.7009 - spoofing vulnerability

Full Disclosure

Asterisk Security Release 23.2.2

Posted by Asterisk Development Team via Fulldisclosure on Feb 07

The Asterisk Development Team would like to announce security release
Asterisk 23.2.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.2.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.2.2

## Change Log for Release asterisk-23.2.2

### Links:

- [Full ChangeLog](...

Full Disclosure

Asterisk Security Release 21.12.1

Posted by Asterisk Development Team via Fulldisclosure on Feb 07

The Asterisk Development Team would like to announce security release
Asterisk 21.12.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.12.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.12.1

## Change Log for Release asterisk-21.12.1

### Links:

- [Full ChangeLog](...

Full Disclosure

Asterisk Security Release 22.8.2

Posted by Asterisk Development Team via Fulldisclosure on Feb 07

The Asterisk Development Team would like to announce security release
Asterisk 22.8.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.8.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.8.2

## Change Log for Release asterisk-22.8.2

### Links:

- [Full ChangeLog](...

Full Disclosure

Asterisk Security Release 20.18.2

Posted by Asterisk Development Team via Fulldisclosure on Feb 07

The Asterisk Development Team would like to announce security release
Asterisk 20.18.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.18.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.18.2

## Change Log for Release asterisk-20.18.2

### Links:

- [Full ChangeLog](...

Full Disclosure

Certified Asterisk Security Release certified-20.7-cert9

Posted by Asterisk Development Team via Fulldisclosure on Feb 07

The Asterisk Development Team would like to announce security release
Certified Asterisk 20.7-cert9.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert9
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert9

## Change Log for Release asterisk-certified-20.7-cert9

###...

Full Disclosure

SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 04

SEC Consult Vulnerability Lab Security Advisory < 20260202-0 >
=======================================================================
title: Multiple vulnerabilities
product: Native Instruments - Native Access (MacOS)
vulnerable version: verified up to 3.22.0
fixed version: n/a
CVE number: CVE-2026-24070, CVE-2026-24071
             impact: high
homepage:...

Full Disclosure

CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Feb 04

CyberDanube Security Research 20260119-0
-------------------------------------------------------------------------------
title| Authenticated Command Injection
product| TC Router 5004T-5G EU
vulnerable version| 1.06.18
fixed version| 1.06.23
CVE number| CVE-2025-41717
impact| High
homepage| https://www.phoenixcontact.com/
found| 16.04.2025...

Full Disclosure

[KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities

Posted by Egidio Romano on Feb 04

--------------------------------------------------------------------------
Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities
--------------------------------------------------------------------------

[-] Software Link:

https://www.blesta.com

[-] Affected Versions:

All versions from 3.0.0 to 5.13.1.

[-] Vulnerabilities Description:

The vulnerabilities exist because user input passed through the...

Full Disclosure

[KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities

Posted by Egidio Romano on Feb 04

--------------------------------------------------------------------------------
Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities
--------------------------------------------------------------------------------

[-] Software Link:

https://www.blesta.com

[-] Affected Versions:

All versions from 3.0.0 to 5.13.1.

[-] Vulnerabilities Description:

The vulnerabilities exist because user input passed through the...

Full Disclosure

[KIS-2026-01] Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability

Posted by Egidio Romano on Feb 04

---------------------------------------------------------------------------
Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability
---------------------------------------------------------------------------

[-] Software Link:

https://www.blesta.com

[-] Affected Versions:

All versions from 3.2.0 to 5.13.1.

[-] Vulnerability Description:

User input passed through the "confirm_url" GET parameter to the...

Exploit-DB Updates

[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

Exploit-DB Updates

[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure

Docker Desktop 4.44.3 - Unauthenticated API Exposure

Exploit-DB Updates

[webapps] aiohttp 3.9.1 - directory traversal PoC

aiohttp 3.9.1 - directory traversal PoC

Exploit-DB Updates

[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

Exploit-DB Updates

[webapps] OctoPrint 1.11.2 - File Upload

OctoPrint 1.11.2 - File Upload

Exploit-DB Updates

[remote] Redis 8.0.2 - RCE

Redis 8.0.2 - RCE

Exploit-DB Updates

[remote] windows 10/11 - NTLM Hash Disclosure Spoofing

windows 10/11 - NTLM Hash Disclosure Spoofing

Exploit-DB Updates

[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

Exploit-DB Updates

[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] Piranha CMS 12.0 - Stored XSS in Text Block

Piranha CMS 12.0 - Stored XSS in Text Block

Full Disclosure

Username Enumeration - elggv6.3.3

Posted by Andrey Stoykov on Jan 29

# Exploit Title: Elgg - Username Enumeration
# Date: 1/2026
# Exploit Author: Andrey Stoykov
# Version: 6.3.3
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2026/01/friday-fun-pentest-series-47-lack-of.html

// HTTP Request - Resetting Password - Valid User

POST /action/user/requestnewpassword HTTP/1.1
Host: elgg.local
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:148.0)
Gecko/20100101 Firefox/148.0
Accept:...

Full Disclosure

Weak Password Complexity - elggv6.3.3

Posted by Andrey Stoykov on Jan 29

# Exploit Title: Elgg - Lack of Password Complexity
# Date: 1/2026
# Exploit Author: Andrey Stoykov
# Version: 6.3.3
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2026/01/friday-fun-pentest-series-48-weak.html

// HTTP Request - Changing Password

POST /action/usersettings/save HTTP/1.1
Host: elgg.local
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:148.0)
Gecko/20100101 Firefox/148.0
Accept:...

Full Disclosure

Paper-Exploiting XAMPP Installations

Posted by Andrey Stoykov on Jan 29

Hi. I would like to publish my paper for exploiting XAMPP installations.

Thanks,
Andrey

Full Disclosure

CVE-2025-12758: Unicode Variation Selectors Bypass in 'validator' library (isLength)

Posted by Karol Wrótniak on Jan 29

Summary
=======
A vulnerability was discovered in the popular JavaScript library
'validator'.
The isLength() function incorrectly handles Unicode Variation Selectors
(U+FE0E and U+FE0F). An attacker can inject thousands of these zero-width
characters into a string, causing the library to report a much smaller
perceived length than the actual byte size. This leads to validation
bypasses,
potential database truncation, and Denial of...

Full Disclosure

Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Yuffie Kisaragi via Fulldisclosure on Jan 26

Dear Art,

Thank you for sharing your detailed evaluation and for pointing out the relevant
sections of the CNA Rules.

Your argument is well reasoned, particularly with respect to the current
guidance on SaaS and exclusively hosted services.

I have forwarded your evaluation to the CNA for further consideration. It will
also be important to understand the vendor’s perspective in light of the points
you raised, especially regarding the...

Full Disclosure

Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Marco Ermini via Fulldisclosure on Jan 26

Hello everyone,

Kindly let me introduce myself. This is the first – and potentially, last – message on this mailing list. I am Marco,
the CISO of EQS Group. Kindly allow me to address some of the statements expressed publicly here.

About the Convercent application

Convercent was acquired by OneTrust in 2021, and in turn, EQS has acquired it from OneTrust at the end of 2024. Before
being acquired by EQS, the Convercent application has not...

Full Disclosure

SEC Consult SA-20260126-2 :: UART Leaking Sensitive Data in dormakaba registration unit 9002 (PIN pad)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26

SEC Consult Vulnerability Lab Security Advisory < 20260126-2 >
=======================================================================
title: UART Leaking Sensitive Data
            product: dormakaba registration unit 9002 (PIN pad)
vulnerable version: <SW0039
      fixed version: SW0039
         CVE number: CVE-2025-59109
             impact: medium
homepage:...

Full Disclosure

SEC Consult SA-20260126-1 :: Multiple Critical Vulnerabilities in dormakaba Access Manager

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26

SEC Consult Vulnerability Lab Security Advisory < 20260126-1 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: dormakaba Access Manager
vulnerable version: Multiple firmware and hardware revisions (details below)
fixed version: Multiple firmware and hardware revisions (details below)
         CVE number: CVE-2025-59097,...

Full Disclosure

SEC Consult SA-20260126-0 :: Multiple Critical Vulnerabilities in dormakaba Kaba exos 9300

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 26

SEC Consult Vulnerability Lab Security Advisory < 20260126-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: dormakaba Kaba exos 9300
vulnerable version: < 4.4.1
fixed version: 4.4.1
CVE number: CVE-2025-59090, CVE-2025-59091, CVE-2025-59092
CVE-2025-59093, CVE-2025-59094, CVE-2025-59095...

Full Disclosure

Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Wade Sparks on Jan 21

Hello Yuffie,

Upon further investigation, the VulnCheck CNA determined that these
vulnerabilities were not suitable for CVE assignment. The
vulnerabilities exist within a SaaS product and are mitigated at the
CSP-level which in this case, would be the vendor, EQS Group. Rather than
contribute unactionable CVE records, the VulnCheck CNA used its
discretionary prowess to move forward with rejecting these records. This
policy aligns with a 2022...

Full Disclosure

OpenMetadata <= 1.11.3 Authenticated SQL Injection

Posted by BUG on Jan 21

#### Title:OpenMetadata <= 1.11.3 Authenticated SQL Injection
#### Affected versions: <= 1.11.3
#### Credits: echo
#### Vendor: https://open-metadata.org/

OpenMetadata versions 1.11.3 and earlier are vulnerable to an
authenticated SQL injection issue.
Low-privileged users can exploit this vulnerability to gain unauthorized
access to the database in the context of the database user associated
with the application.

POC:

request:

GET...

Exploit-DB Updates

[webapps] Siklu EtherHaul Series EH-8010 - Remote Command Execution

Siklu EtherHaul Series EH-8010 - Remote Command Execution

Exploit-DB Updates

[webapps] Siklu EtherHaul Series EH-8010 - Arbitrary File Upload

Siklu EtherHaul Series EH-8010 - Arbitrary File Upload

Exploit-DB Updates

[webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution

RPi-Jukebox-RFID 2.8.0 - Remote Command Execution

Full Disclosure

[REVIVE-SA-2026-001] Revive Adserver Vulnerabilities

Posted by Matteo Beccati on Jan 14

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-001
------------------------------------------------------------------------
Date: 2026-01-14
Risk Level: High
Applications affected: Revive...

Full Disclosure

Defense in depth -- the Microsoft way (part 95): the (shared) "Start Menu" is dispensable

Posted by Stefan Kanthak via Fulldisclosure on Jan 10

Hi @ll,

the following is a condensed form of
<https://skanthak.hier-im-netz.de/whispers.html#whisper3> and
<https://skanthak.hier-im-netz.de/whispers.html#whisper4>.

Windows Vista moved the shared start menu from "%ALLUSERSPROFILE%\Start Menu\"
to "%ProgramData%\Microsoft\Windows\Start Menu\", with some shortcuts (*.lnk)
"reflected" from the (immutable) component store below %SystemRoot%\WinSxS\

JFTR:...

Full Disclosure

Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Art Manion via Fulldisclosure on Jan 10

Hi,

CVE IDs *can* be assigned for SaaS or similarly "cloud only" software. For a period of time, there was a restriction
that only the provider could make or request such an assignment. But the current CVE rules remove this restriction:

4.2.3 CNAs MUST NOT consider the type of technology (e.g., cloud, on-premises, artificial intelligence, machine
learning) as the sole basis for determining assignment.

It would have been...

Full Disclosure

RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser

Posted by Ron E on Jan 10

A stack-based buffer overflow vulnerability exists in the RIOT OS ethos
utility due to missing bounds checking when processing incoming serial
frame data. The vulnerability occurs in the _handle_char() function, where
incoming frame bytes are appended to a fixed-size stack buffer
(serial->frame) without verifying that the current write index
(serial->framebytes) remains within bounds. An attacker capable of sending
crafted serial or...

Full Disclosure

RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction

Posted by Ron E on Jan 10

A stack-based buffer overflow vulnerability exists in the tapslip6 utility
distributed with RIOT OS (and derived from the legacy uIP/Contiki
networking tools). The vulnerability is caused by unsafe string
concatenation in the devopen() function, which constructs a device path
using unbounded user-controlled input.
Specifically, tapslip6 uses strcpy() and strcat() to concatenate the fixed
prefix "/dev/" with a user-supplied device name...

Full Disclosure

TinyOS 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio

Posted by Ron E on Jan 10

A stack-based buffer overflow vulnerability exists in the mcp2200gpio
utility due to unsafe use of strcpy() and strcat() when constructing device
paths during automatic device discovery. A local attacker can trigger the
vulnerability by creating a specially crafted filename under /dev/usb/,
resulting in stack memory corruption and a process crash. In non-hardened
builds, this may lead to arbitrary code execution.

*Root Cause:*

The vulnerability...

Full Disclosure

TinyOS 2.1.2 printfUART Global Buffer Overflow via Unbounded Format Expansion

Posted by Ron E on Jan 10

A global buffer overflow vulnerability exists in the TinyOS printfUART
implementation used within the ZigBee / IEEE 802.15.4 networking stack. The
issue arises from an unsafe custom sprintf() routine that performs
unbounded string concatenation using strcat() into a fixed-size global
buffer. The global buffer debugbuf, defined with a size of 256 bytes, is
used as the destination for formatted output. When a %s format specifier is
supplied with a...

Full Disclosure

KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Posted by KoreLogic Disclosures via Fulldisclosure on Jan 08

KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Title: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking
Advisory ID: KL-001-2026-001
Publication Date: 2026-01-08
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2026-001.txt

1. Vulnerability Details

     Affected Vendor: yintibao
     Affected Product: Fun Print Mobile
     Affected Version: 6.05.15
   ...

Full Disclosure

Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Yuffie Kisaragi via Fulldisclosure on Jan 05

UPDATE:

Following the publication of these vulnerabilities and the subsequent CVE
assignments, the CVE identifiers have now been revoked.

The vendor (EQS Group) contacted the CVE Program (via a CNA) and disputed the
records, stating that the affected product is an exclusively hosted SaaS
platform with no customer-managed deployment or versioning. Based on this
argument, the CVE Program concluded that CVE assignment is “not a suitable...

Full Disclosure

Panda3d v1.10.16 Uncontrolled Format String in Panda3D egg-mkfont Allows Stack Memory Disclosure

Posted by Ron E on Jan 05

Panda3D’s egg-mkfont utility contains an uncontrolled format string
vulnerability that allows disclosure of stack-resident memory. The -gp
(glyph pattern) command-line option allows users to specify a formatting
pattern intended for generating glyph texture filenames. This pattern is
passed directly as the format string to sprintf() without validation or
sanitization. If the supplied pattern contains additional format specifiers
beyond the...

Full Disclosure

Panda3d v1.10.16 egg-mkfont Stack Buffer Overflow

Posted by Ron E on Jan 05

A stack-based buffer overflow vulnerability exists in the Panda3D
egg-mkfont utility due to the use of an unbounded sprintf() call with
attacker-controlled input. By supplying an excessively long glyph pattern
string via the -gp command-line option, an attacker can trigger a stack
buffer overflow, resulting in a deterministic crash of the egg-mkfont
process.

*Technical Details:*
The vulnerability occurs when egg-mkfont constructs output glyph...

Full Disclosure

Panda3d v1.10.16 deploy-stub Unbounded Stack Allocation Leading to Uninitialized Memory

Posted by Ron E on Jan 05

A memory safety vulnerability exists in the Panda3D deploy-stub executable
due to unbounded stack allocation using attacker-controlled input. The
issue allows a local attacker to trigger stack exhaustion and subsequent
use of uninitialized memory during Python interpreter initialization,
resulting in a reliable crash and undefined behavior. The vulnerability is
confirmed by MemorySanitizer (MSAN) as a use-of-uninitialized-value
originating from...

Full Disclosure

MongoDB v8.3.0 Integer Underflow in LMDB mdb_load

Posted by Ron E on Jan 05

This integer underflow vulnerability enables heap metadata corruption and
information disclosure through carefully crafted LMDB dump files.

*Impact:*

- *Denial of Service*: Immediate crash (confirmed)
- *Information Disclosure*: Heap metadata leak via OOB read

Root Cause:The readline() function fails to validate that the input line
length is non-zero before performing decrement operations, causing integer
underflow. An attacker can craft...

Full Disclosure

Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files

Posted by Ron E on Jan 05

Bio-Formats performs unsafe Java deserialization of attacker-controlled
memoization cache files (.bfmemo) during image processing. The
loci.formats.Memoizer class automatically loads and deserializes memo files
associated with images without validation, integrity checks, or trust
enforcement.
An attacker can exploit this behavior by supplying a crafted or corrupted
.bfmemo file—either fully attacker-controlled or derived from a legitimate
memo...

Full Disclosure

Bioformats v8.3.0 Improper Restriction of XML External Entity Reference in Bio-Formats Leica Microsystems XML Parser

Posted by Ron E on Jan 05

Bio-Formats contains an XML External Entity (XXE) vulnerability in the
Leica Microsystems metadata parsing component. The vulnerability is caused
by the use of an insecurely configured DocumentBuilderFactory when
processing Leica XML-based metadata files (e.g., XLEF). When a crafted XML
file is supplied, the parser allows external entity resolution and external
DTD loading, enabling attackers to trigger arbitrary outbound network
requests, access...

Full Disclosure

MongoDB v8.3.0 Heap Buffer Underflow in OpenLDAP LMDB mdb_load

Posted by Ron E on Jan 05

A heap buffer underflow vulnerability exists in the readline() function of
OpenLDAP's Lightning Memory-Mapped Database (LMDB) mdb_load utility. The
vulnerability is triggered through malformed input data and results in an
out-of-bounds read one byte before an allocated heap buffer. This can lead
to information disclosure through heap memory leakage.

*Root Cause:*
The vulnerability occurs in the readline() function at line 214 of
mdb_load.c....

Full Disclosure

zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name

Posted by Ron E on Jan 05

A global buffer overflow vulnerability exists in the TGZfname() function of
the zlib untgz utility due to the use of an unbounded strcpy() call on
attacker-controlled input. The utility copies a user-supplied archive name
(argv[arg]) into a fixed-size static global buffer of 1024 bytes without
performing any length validation. Supplying an archive name longer than
1024 bytes results in an out-of-bounds write past the end of the global
buffer,...

Full Disclosure

SigInt-Hombre v1 / dynamic Suricata detection rules from real-time threat feeds

Posted by malvuln on Jan 05

SigInt-Hombre, generates derived Suricata detection rules from live
URLhaus threat indicators at runtime and deploy them to the Security
Onion platform for high-coverage real-time network monitoring.

https://github.com/malvuln/sigint-hombre

What it does:
Pulls the public URLhaus feed in real time (not mirrored or redistributed)

Skips:
Comments, empty lines, malformed URLs, and feed self-references
Normalizes and extracts:

Protocol, host, URI...

Full Disclosure

Security Vulnerability in Koller Secret: Real Hidden App (com.koller.secret.hidemyphoto)

Posted by duykham on Jan 05

Hello Full Disclosure,

I would like to disclose a security vulnerability identified in a
smartphone application: *Koller Secret: Real Hidden App*.

This report is shared in the interest of responsible disclosure and
improving overall security awareness.

---

*Summary*
- Application: Koller Secret: Real Hidden App
- Package / Bundle ID: com.koller.secret.hidemyphoto
- Platform: Android
- Affected Version(s): v.1.0.27 and below
- Vulnerability...

Full Disclosure

Linux Kernel Block Subsystem Vulnerabilities

Posted by Agent Spooky's Fun Parade via Fulldisclosure on Jan 05

================================================================================
FULL DISCLOSURE: Linux Kernel Block Subsystem Vulnerabilities
Date: 2025-12-29
Affected: Linux Kernel (all versions with affected code)
================================================================================

================================================================================
[1/4] Integer Overflow in LDM Partition Parser - Heap Overflow...

Full Disclosure

[KIS-2025-14] PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability

Posted by Egidio Romano on Dec 27

-----------------------------------------------------------------
PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability
-----------------------------------------------------------------

[-] Software Links:

https://pkp.sfu.ca
https://github.com/pkp/pkp-lib

[-] Affected Versions:

Version 3.3.0-21 and prior versions.
Version 3.4.0-9 and prior versions.
Version 3.5.0-1 and prior versions.

[-] Vulnerability Description:

Open...

Full Disclosure

[KIS-2025-13] PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability

Posted by Egidio Romano on Dec 27

-----------------------------------------------------------------------
PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability
-----------------------------------------------------------------------

[-] Software Links:

https://pkp.sfu.ca
https://github.com/pkp/pkp-lib

[-] Affected Versions:

PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-10
and prior versions, and version 3.5.0-3 and prior versions, as...

Full Disclosure

[KIS-2025-12] PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability

Posted by Egidio Romano on Dec 27

-----------------------------------------------------------------
PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability
-----------------------------------------------------------------

[-] Software Links:

https://pkp.sfu.ca
https://github.com/pkp/pkp-lib

[-] Affected Versions:

PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9
and prior versions, and version 3.5.0-1 and prior versions, as used in
Open Journal...