Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label
Stack Over-read
------------------------------------------------------------------------

Affected:  OpenBSD -current prior to 2026-06-18 (fixed in -current)
Vendor:    OpenBSD
Severity:  Medium
Reporter:  Argus Systems
Date:      2026-06-12
CVE:       CVE-2026-56099

1. SUMMARY
==========

The...

Posted by shj on Jun 20

------------------------------------------------------------------------
OpenBSD sppp_pap_input: PAP Authentication Bypass via Zero-Length bcmp
------------------------------------------------------------------------

Affected:  OpenBSD all versions through 7.6 (fixed in -current)
Vendor:    OpenBSD
Severity:  High
Reporter:  Argus
Date:      2026-06-16

1. SUMMARY
==========

The sppp_pap_input() function in sys/net/if_spppsubr.c uses...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260618-0 >
=======================================================================
title: Hardcoded Root Cloud Credentials in Application Binaries
product: Silver Leaf Technologies - Worksnaps.net Worksnaps
vulnerable version: <1.6.20260201
      fixed version: 1.6.20260201
         CVE number: CVE-2025-10560
impact: critical...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260617-1 >
=======================================================================
title: Multiple Vulnerabilities
            product: Quanos Content Solutions - SCHEMA ST4
 vulnerable version: All versions of SCHEMA ST4 on-premises
    fixed version: Not applicable, see workaround section for mitigation.
CVE number: CVE-2026-11857, CVE-2026-11858...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260617-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Sprecher Automation SPRECON-E-C/-E-P/-E-T3
 vulnerable version: See vulnerable versions below
fixed version: See solution section below
         CVE number: CVE-2022-4333, CVE-2022-4332, CVE-2025-41741,
       ...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20

SEC Consult Vulnerability Lab Security Advisory < 20260616-0 >
=======================================================================
title: Broken Access Control
            product: syracom AG Secure Login (2FA) for Atlassian Jira /
Confluence / Bitbucket
 vulnerable version: 3.4.0.x
      fixed version: 3.5.0.0
CVE number: CVE-2026-12225
             impact: High...

Posted by Apple Product Security via Fulldisclosure on Jun 20

APPLE-SA-06-16-2026-1 Beats Firmware Update 1B211

Beats Firmware Update 1B211 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127557.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Bluetooth
Available for: Beats Studio Buds
Impact: An attacker within Bluetooth range may be able...

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `levenshtein()` signed-integer overflow

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-levenshtein-signed-integer-overflow
**Contact:** https://fereidani.com/contact

## Description

The `levenshtein()` function calculates the Levenshtein distance
between two strings, optionally accepting custom costs for insertion,
replacement, and deletion operations. In PHP 8.5.7, the...

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `dom_xml_serialization_algorithm()` stack-overflow

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-domxmlserializationalgorithm-stack-overflow
**Contact:** https://fereidani.com/contact

## Description

The `dom_xml_serialization_algorithm()` and
`dom_xml_serialize_element_node()` functions in
`ext/dom/xml_serializer.c` rely on unbounded recursion to serialize
XML nodes....

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-mbsubstr-sjis-mac-sizet-underflow
**Contact:** https://fereidani.com/contact

## Description

The `mb_get_substr()` function in `ext/mbstring/mbstring.c`
deliberately skips an early empty return guard for the `SJIS-mac`
encoding when `from >= in_len`. As a result, it falls...

Posted by Khashayar Fereidani on Jun 20

# PHP 8.5.7 `FILTER_SANITIZE_ENCODED` uninitialized read

**Author:** Khashayar Fereidani
**Disclosure Date:** 2026-06-18
**Advisory:** https://fereidani.com/php-857-filtersanitizeencoded-uninitialized-read
**Contact:** https://fereidani.com/contact

## Description

In `ext/filter/sanitizing_filters.c`, the `php_filter_encode_url`
function leaves the `255`th byte (`0xFF`) of a transient array
uninitialized. An array of 256 bytes is populated...

Posted by Alessandro Bertoldi BCS via Fulldisclosure on Jun 20

CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure

CVE ID: CVE-2025-68624
Status: DISPUTED
CWE: CWE-290 (Authentication Bypass by Spoofing)
Affected Product: N-able Mail Assure (formerly SolarWinds MSP Mail Assure)
Affected Service: N-able Mail Assure cloud-based multi-tenant SMTP relay infrastructure
Vendor: N-able Technologies
Initial Discovery: October 2018
Public Disclosure: November 2025, DeepSec Vienna...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260615-1 >
=======================================================================
title: Multiple Vulnerabilities
          product: Wertheim SafeController Hardware for VAULT ROOMS
(Safe Deposit Locker System – Microcontroller)
vulnerable version: Controller 65000 - AssemblyVersion 6.11.8130.22319
                    Controller...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260615-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Wertheim SafeController Software for VAULT ROOMS
(Safe Deposit Locker System)
vulnerable version: AssemblyVersion 6.15.8328.28014
fixed version: No information provided by vendor
CVE number:...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260610-0 >
=======================================================================
title: Local Privilege Escalation
product: Slate Digital Connect (macOS)
 vulnerable version: 1.37.0
fixed version: -
CVE number: CVE-2026-24066, CVE-2026-24067
             impact: high
homepage:...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 15

SEC Consult Vulnerability Lab Security Advisory < 20260609-0 >
=======================================================================
title: Multiple Local Privilege Escalation Vulnerabilities
product: Waves Audio - Waves Central
vulnerable version: v13.0.8 - v16.6.0
      fixed version: v16.6.2
         CVE number: CVE-2026-24064, CVE-2026-24065
             impact: high...

Posted by Egidio Romano on Jun 15

-----------------------------------------------------------------------
Discuz! <= X5.0 (enable_disable.php) Local File Inclusion Vulnerability
-----------------------------------------------------------------------

[-] Software Link:

https://www.discuz.vip

[-] Affected Versions:

Version X5.0, releases 20260320 through 20260610.
Older X3.4 and X3.5 releases may be affected too.

[-] Vulnerability Description:

A Local File Inclusion (LFI)...

Posted by Egidio Romano on Jun 15

------------------------------------------------------
Discuz! <= X5.0 OCR-based CAPTCHA Bypass Vulnerability
------------------------------------------------------

[-] Software Link:

https://www.discuz.vip

[-] Affected Versions:

Version X5.0, releases 20260320 through 20260610.
Older X3.4 and X3.5 releases may be affected too.

[-] Vulnerability Description:

A security weakness in the CAPTCHA implementation of Discuz! allows
automated...

Posted by Egidio Romano on Jun 15

-------------------------------------------------------------
Discuz! X5.0 (UC_KEY) Cross-Context Token Reuse Vulnerability
-------------------------------------------------------------

[-] Software Link:

https://www.discuz.vip

[-] Affected Versions:

Version X5.0, releases 20260320 through 20260501.

[-] Vulnerability Description:

The vulnerable code is located within the /config/config_ucenter.php
configuration file:...

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 08

SEC Consult Vulnerability Lab Security Advisory < 20260608-0 >
=======================================================================
title: Privilege Escalation via Binary Planting
            product: Genetec-provided RabbitMQ in multiple Genetec products
vulnerable version: Multiple products, see below.
      fixed version: Multiple products, see below.
CVE number: CVE-2026-25112
           ...