❌

Normal view

SEC Consult SA-20260615-1 :: Multiple Vulnerabilities in Wertheim SafeController Hardware for VAULT ROOMS (Safe Deposit Locker System – Microcontroller)

16 June 2026 at 08:56

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260615-1 >
=======================================================================
title: Multiple Vulnerabilities
Β  Β  Β  Β  Β  product: Wertheim SafeController Hardware for VAULT ROOMS
(Safe Deposit Locker System – Microcontroller)
vulnerable version: Controller 65000 - AssemblyVersion 6.11.8130.22319
Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Controller...

SEC Consult SA-20260615-0 :: Multiple Critical Vulnerabilities in Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)

16 June 2026 at 08:56

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260615-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Wertheim SafeController Software for VAULT ROOMS
(Safe Deposit Locker System)
vulnerable version: AssemblyVersion 6.15.8328.28014
fixed version: No information provided by vendor
CVE number:...

SEC Consult SA-20260610-0 :: Local Privilege Escalation in Slate Digital Connect (macOS)

16 June 2026 at 08:56

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260610-0 >
=======================================================================
title: Local Privilege Escalation
product: Slate Digital Connect (macOS)
Β vulnerable version: 1.37.0
fixed version: -
CVE number: CVE-2026-24066, CVE-2026-24067
Β  Β  Β  Β  Β  Β  Β impact: high
homepage:...

SEC Consult SA-20260609-0 :: Multiple Local Privilege Escalation Vulnerabilities in Waves Audio - Waves Central

16 June 2026 at 08:56

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260609-0 >
=======================================================================
title: Multiple Local Privilege Escalation Vulnerabilities
product: Waves Audio - Waves Central
vulnerable version: v13.0.8 - v16.6.0
Β  Β  Β  fixed version: v16.6.2
Β  Β  Β  Β  Β CVE number: CVE-2026-24064, CVE-2026-24065
Β  Β  Β  Β  Β  Β  Β impact: high...

[KIS-2026-11] Discuz! <= X5.0 (enable_disable.php) Local File Inclusion Vulnerability

16 June 2026 at 08:54

Posted by Egidio Romano on Jun 15

-----------------------------------------------------------------------
Discuz! <= X5.0 (enable_disable.php) Local File Inclusion Vulnerability
-----------------------------------------------------------------------

[-] Software Link:

https://www.discuz.vip

[-] Affected Versions:

Version X5.0, releases 20260320 through 20260610.
Older X3.4 and X3.5 releases may be affected too.

[-] Vulnerability Description:

A Local File Inclusion (LFI)...

[KIS-2026-10] Discuz! <= X5.0 OCR-based CAPTCHA Bypass Vulnerability

16 June 2026 at 08:54

Posted by Egidio Romano on Jun 15

------------------------------------------------------
Discuz! <= X5.0 OCR-based CAPTCHA Bypass Vulnerability
------------------------------------------------------

[-] Software Link:

https://www.discuz.vip

[-] Affected Versions:

Version X5.0, releases 20260320 through 20260610.
Older X3.4 and X3.5 releases may be affected too.

[-] Vulnerability Description:

A security weakness in the CAPTCHA implementation of Discuz! allows
automated...

[KIS-2026-09] Discuz! X5.0 (UC_KEY) Cross-Context Token Reuse Vulnerability

16 June 2026 at 08:54

Posted by Egidio Romano on Jun 15

-------------------------------------------------------------
Discuz! X5.0 (UC_KEY) Cross-Context Token Reuse Vulnerability
-------------------------------------------------------------

[-] Software Link:

https://www.discuz.vip

[-] Affected Versions:

Version X5.0, releases 20260320 through 20260501.

[-] Vulnerability Description:

The vulnerable code is located within the /config/config_ucenter.php
configuration file:...

SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products

9 June 2026 at 07:32

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 08

SEC Consult Vulnerability Lab Security Advisory < 20260608-0 >
=======================================================================
title: Privilege Escalation via Binary Planting
Β  Β  Β  Β  Β  Β  product: Genetec-provided RabbitMQ in multiple Genetec products
vulnerable version: Multiple products, see below.
Β  Β  Β  fixed version: Multiple products, see below.
CVE number: CVE-2026-25112
Β  Β  Β  Β  Β  Β ...

[SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping

9 June 2026 at 07:31

Posted by Moritz Bechler via Fulldisclosure on Jun 08

Advisory ID: SYSS-2026-004
Product: SAP NetWeaver ABAP / SAP_BASIS
Manufacturer: SAP SE
Affected Version(s): SAP_BASIS 700 - 918
Tested Version(s): 7.93 Patch 300
Vulnerability Type: CWE-347: Improper Verification of Cryptographic Signature
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2025-11-06
Solution Date: 2026-02-10...

[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities

5 June 2026 at 02:16

Posted by Matteo Beccati on Jun 04

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-002
------------------------------------------------------------------------
Date: 2026-06-03
Risk Level: Medium to High
Applications affected: Revive Adserver
Versions...

CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series

1 June 2026 at 08:24

Posted by Thomas Weber | CyberDanube via Fulldisclosure on May 31

CyberDanube Security Research 20260528-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Mennekes Amtron Series and Smart-T PnC
vulnerable version| 5.22.3
fixed version| 5.33.11-21500
CVE number| CVE-2026-8979, CVE-2026-8980
impact| High
homepage| https://www.mennekes.at/
found|...

bmcweb (OpenBMC web server): four vulnerabilities β€” two unfixed, GHSA without a CVE

1 June 2026 at 08:23

Posted by binreaper via Fulldisclosure on May 31

Hi all,

Posting a brief summary of a four-finding disclosure on bmcweb (the OpenBMC HTTP/Redfish web server), which ships in
BMC firmware on most modern enterprise servers β€” Intel, IBM, HPE, NVIDIA, and various ODMs.

Full timeline and analysis on the blog:

https://binreaper.pages.dev/posts/2026-05-27-bmcweb-disclosure/

## Why bmcweb matters

A Baseboard Management Controller boots before the host CPU, has full control over the server...

Re: Dovecot Security Advisory OXDC-2026-0002

26 May 2026 at 03:45

Posted by Noel Butler via Fulldisclosure on May 25

So when is the fix for dovecot 2.3 source code due to be released?

Since by your wording by not including the first detected versions, it
must be assumed 2.3 is affected, and as no EOL has been published or
announced for 2.3.x, and as 2.3 is the still the most popular used
version by far, should be prudent one is released, given a few more
serious fixes have been made in recent times.

SSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp β€” publicly disclosed via GitHub issues

26 May 2026 at 03:44

Posted by outreach on May 25

-----BEGIN SECURITY ADVISORY-----

Title: Server-Side Request Forgery (SSRF) in Anthropic mcp-server-fetch and Microsoft playwright-mcp
Author: Syed Anas Mohiuddin <anasmohiuddinsyed () gmail com>
Date: May 25, 2026
CVSS: 7.5 (HIGH) β€” AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References: Already public via GitHub issues (see below)

== AFFECTED PRODUCTS ==

1. Anthropic mcp-server-fetch (modelcontextprotocol/servers)
All versions as of May...

[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak

26 May 2026 at 03:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2021-001
CVE ID: CVE-2021-21735
Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential
Disclosure to Full Admin Compromise
Affected: ZTE ZXHN H168N V3.5
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure

26 May 2026 at 03:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-003
CVE ID: CVE-2026-34474
Title: ZTE ZXHN H298A / H108N - Unauthenticated Admin Password &
WLAN Credential Exposure
Affected: ZTE ZXHN H298A 1.1, ZTE ZXHN H108N 2.6 (EOL; no patch
planned)
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard

26 May 2026 at 03:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-002
CVE ID: CVE-2026-34472
Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login
Wizard Credential Leakage
Affected: ZTE ZXHN H188A V6.0.10P2_TE, V6.0.10P3N3_TE
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)

26 May 2026 at 03:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-001
CVE ID: CVE-2026-34473
Title: Unauthenticated Denial of Service via Oversized POST Body
in ZTE Router CGILua Parser
Affected: 17+ ZTE ZXHN router models (~140,000 publicly exposed
devices)
CVSS Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail...

Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect

26 May 2026 at 03:40

Posted by Adamczyk Blazej on May 25

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

General...

APPLE-SA-05-13-2026-1 Safari 26.5

17 May 2026 at 23:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-13-2026-1 Safari 26.5

Safari 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127121.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content...
❌