unSafe.sh - Unsafe
Full disclosure: Edupage web and mobile application authorization bypass leaks PII and IBAN codes
Full Disclosure mailing list archives From: Juraj Kosik <juraj.kosik () gmail com>...
2026-5-17 21:14:53 | Views: 1
Full Disclosure - seclists.org
edupage
juraj
kosik
iban
Dovecot Security Advisory OXDC-2026-0002
Full Disclosure mailing list archives From: Aki Tuomi <aki.tuomi () dovecot fi> D...
2026-5-17 21:11:36 | Views: 1
Full Disclosure - seclists.org
dovecot
2026
ox
revision
attacker
ESP-RFID-Tool v2 PRO — Full Public Disclosure
Full Disclosure mailing list archives From: Milan Berger via Fulldisclosure <fulld...
2026-4-29 17:46:51 | Views: 25
Full Disclosure - seclists.org
espr
payload
attacker
deletelog
rfid
Re: SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Full...
2026-4-29 17:43:46 | Views: 23
Full Disclosure - seclists.org
desktime
security
2026
burp
SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Full...
2026-4-29 17:43:43 | Views: 28
Full Disclosure - seclists.org
desktime
security
burp
client
SEC Consult SA-20260423-0 :: DLL Hijacking in EfficientLab Controlio (cloud-based employee monitoring service)
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Full...
2026-4-29 17:43:40 | Views: 23
Full Disclosure - seclists.org
controlio
2026
security
attacker
hijacking
SEC Consult SA-20260421-0 :: Broken Access Control in Config Endpoint in LiteLLM
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Full...
2026-4-29 17:43:37 | Views: 28
Full Disclosure - seclists.org
litellm
2026
security
attacker
github
SEC Consult SA-20260415-0 :: Exposed Private Key of X.509 Certificate in SAP HANA Cockpit & SAP HANA Database Explorer
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Full...
2026-4-29 17:43:35 | Views: 25
Full Disclosure - seclists.org
hana
cockpit
security
database
2026
APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2026-4-29 17:43:20 | Views: 27
Full Disclosure - seclists.org
security
itunes
inch
software
APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2026-4-29 17:43:17 | Views: 24
Full Disclosure - seclists.org
security
itunes
pgp
software
Research: When Trusted Tools Become Attack Primitives
Full Disclosure mailing list archives From: Nir Yehoshua <nir () ciphersecuritylab...
2026-4-29 17:35:42 | Views: 17
Full Disclosure - seclists.org
nir
yehoshua
primitives
security
[KIS-2026-08] SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com>...
2026-4-29 17:35:12 | Views: 19
Full Disclosure - seclists.org
2026
injection
egidio
romano
memberall
[KIS-2026-07] SocialEngine <= 7.8.0 Blind Server-Side Request Forgery Vulnerability
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com>...
2026-4-29 17:35:9 | Views: 16
Full Disclosure - seclists.org
2026
stating
romano
egidio
Trojan-Spy.Win32.Small / Remote Command Execution
Full Disclosure mailing list archives From: malvuln <malvuln13 () gmail com> Date...
2026-4-29 17:34:3 | Views: 16
Full Disclosure - seclists.org
malvuln
2026
remote
hubert
[IWCC 2026] CfP: 15th International Workshop on Cyber Crime - Linköping, Sweden, Aug 24-27, 2026
Full Disclosure mailing list archives From: Artur Janicki via Fulldisclosure <full...
2026-4-29 17:31:42 | Views: 17
Full Disclosure - seclists.org
2026
workshop
criminal
crimes
ares
[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection
Full Disclosure mailing list archives From: SBA Research Security Advisory via Ful...
2026-4-29 17:30:53 | Views: 15
Full Disclosure - seclists.org
goanywhere
mft
2026
sba
fortra
XSA-487: Linux kernel double free in the Xen privcmd driver bypasses Secure Boot
oss-sec mailing list archives From: Xen.org security team <security () xen org> D...
2026-4-28 12:11:0 | Views: 14
Xuanwu Lab Daily Security - seclists.org
xen
security
embargo
xsa487
2026
CVE-2026-6357: Vulnerability in pip's self-update feature causes newly installed modules to be imported unexpectedly
oss-sec mailing list archives From: Alan Coopersmith <alan.coopersmith () oracle c...
2026-4-27 20:33:0 | Views: 13
Xuanwu Lab Daily Security - seclists.org
python
security
announce
2026
wheel
CVE-2026-41113: Remote code execution via shell injection through DNS MX records in the sagredo qmail fork
The qmail remote code execution vulnerability CVE-2026-41113 achieves shell injection through a hostname controlled via DNS MX records. An attacker can exploit it to execute arbitrary commands as the qmailr user. It affects sagredo-dev/qmail v2024.10.26 through v2026.04.02, has a CVSS 3.1 score of 8.2 (High), and is fixed in v2026.04.07...
2026-4-18 19:12:0 | Views: 13
Xuanwu Lab Daily Security - seclists.org
qmail
coopersmith
2026
remote
alan
lcms2 CubeSize() integer overflow: crashes in Ubuntu 24.04, Poppler and OpenJDK
Little CMS 2 (lcms2) has an integer overflow vulnerability in CubeSize() that crashes software such as Poppler, evince-thumbnailer and OpenJDK on Ubuntu 24.04. The vulnerability affects lcms2 <= 2.18 in multiple distributions and in JDK-bundled versions. A fix has been committed to the master branch, but no release or CVE ID has been published yet...
2026-4-17 22:58:0 | Views: 14
Xuanwu Lab Daily Security - seclists.org
lcms2
liblcms2
poppler
be32
axis