Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

  • SEC Consult SA-20260218-0 :: Multiple Critical Vulnerabilities in NesterSoft WorkTime (on-prem/cloud)
    on February 22, 2026 at 6:03 pm

    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 22: SEC Consult Vulnerability Lab Security Advisory < 20260218-0 > title: Multiple Critical Vulnerabilities product: NesterSoft WorkTime (on-prem/cloud) vulnerable version: <= 11.8.8 fixed version: No patch available, vendor unresponsive. CVE number: CVE-2025-15563, CVE-2025-15562, CVE-2025-15561…

  • [KIS-2026-04] SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability
    on February 22, 2026 at 6:03 pm

    Posted by Egidio Romano on Feb 22: SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability [-] Software Link: https://www.smartertools.com/smartermail/business-email-server [-] Affected Versions: Build 9518 and prior builds. [-] Vulnerability Description: User input passed through the…

  • SEC Consult SA-20260212-0 :: Multiple Vulnerabilities in various Solax Power Pocket WiFi models
    on February 16, 2026 at 9:10 pm

    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 16: SEC Consult Vulnerability Lab Security Advisory < 20260212-0 > title: Multiple Vulnerabilities product: Various Solax Power Pocket WiFi models vulnerable version: See section below fixed version: See section below CVE number: CVE-2025-15573, CVE-2025-15574, CVE-2025-15575 impact: High…

  • [Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0
    on February 16, 2026 at 9:08 pm

    Posted by privexploits via Fulldisclosure on Feb 16: Advisory: Authenticated Remote Code Execution in pfSense CE CVEs: CVE-2025-69690, CVE-2025-69691 Researcher: Nelson Adhepeau (privexploits () protonmail com) Date: February 2026 == RESPONSIBLE DISCLOSURE NOTICE == This advisory is published in accordance with responsible disclosure practices. The vendor was notified on December 2, 2025, acknowledged the reports, and indicated no patches would be issued. Publication follows standard 90-day…

  • APPLE-SA-02-11-2026-9 Safari 26.3
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-9 Safari 26.3 Safari 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126354. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CFNetwork Available for: macOS Sonoma and macOS Sequoia Impact: A remote user may be able to write arbitrary files Description: A path…

  • APPLE-SA-02-11-2026-8 visionOS 26.3
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-8 visionOS 26.3 visionOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126353. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Vision Pro (all models) Impact: An app may be able to access sensitive user data…

  • APPLE-SA-02-11-2026-7 watchOS 26.3
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-7 watchOS 26.3 watchOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126352. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple Watch Series 6 and later Impact: An attacker in a privileged network position may be able to perform…

  • APPLE-SA-02-11-2026-6 tvOS 26.3
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-6 tvOS 26.3 tvOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126351. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple TV HD and Apple TV 4K (all models) Impact: An attacker in a privileged network position may be able to…

  • APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4 macOS Sonoma 14.8.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126350. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to access sensitive user data…

  • APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4 macOS Sequoia 15.7.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126349. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sequoia Impact: An app may be able to access sensitive user data…

  • APPLE-SA-02-11-2026-3 macOS Tahoe 26.3
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-3 macOS Tahoe 26.3 macOS Tahoe 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126348. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Admin Framework Available for: macOS Tahoe Impact: An app may be able to access sensitive user data Description: A parsing…

  • APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5 iOS 18.7.5 and iPadOS 18.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126347. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation Impact: An…

  • APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3
    on February 16, 2026 at 9:06 pm

    Posted by Apple Product Security via Fulldisclosure on Feb 16: APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3 iOS 26.3 and iPadOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126346. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro…

  • Blind XXE in Electronic Invoice online tools (validator.invoice-portal.de, xrechnung.rib.de)
    on February 16, 2026 at 9:05 pm

    Posted by Hanno Böck on Feb 16: During tests of electronic invoicing tools, I discovered multiple XXE and Blind XXE vulnerabilities in online tools parsing electronic invoices in XML formats. While most of the affected tools have fixed these vulnerabilities, two online tools remain vulnerable to Blind XXE attacks, allowing exfiltration of files. Disclosure to the affected operators happened more than 90 days ago. Vulnerable tools: https://validator.invoice-portal.de/…

  • 🚨 Public Disclosure: Remote BitLocker Bypass via Intel AMT — SYSTEM Access Without Login
    on February 16, 2026 at 9:05 pm

    Posted by Darsh Naik on Feb 16: 🔓 The Attack Path — No Login, SYSTEM Access 1. Boot into setup.exe (via USB, PXE, or OOBM like Intel vPro). 2. Click “Repair your computer” → Enter WinRE. 3. Press Shift + F10 → SYSTEM-level Command Prompt. 4. From there, attacker can: – Run `net user` to create new admin accounts – Use `diskpart` to wipe or reformat drives – Use `manage-bde -off` or `bcdedit` to disable BitLocker – Replace `utilman.exe` to bypass login…
