Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

  • CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000
    on April 14, 2026 at 5:07 pm

    Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14
    CyberDanube Security Research 20260408-1
    title: Multiple Vulnerabilities; product: Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012; vulnerable version: <=V25.30; fixed version: V26.10; CVE number: CVE-2026-27664; impact: High; homepage: https://siemens.com/; found: …

  • CyberDanube Security Research 20260408-0 | Remote Operation Denial of Service in Siemens SICAM A8000
    on April 14, 2026 at 5:07 pm

    Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14
    CyberDanube Security Research 20260408-0
    title: Remote Operation Denial of Service; product: Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012; vulnerable version: <=V25.30; fixed version: V26.10; CVE number: CVE-2026-27663; impact: Medium; homepage: https://siemens.com/…

  • SEC Consult SA-20260414-0 :: Improper Enforcement of Locked Accounts in WebUI (SSO) in Kiuwan SAST on-premise (KOP) & cloud/SaaS
    on April 14, 2026 at 5:07 pm

    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14
    SEC Consult Vulnerability Lab Security Advisory < 20260414-0 >
    title: Improper Enforcement of Locked Accounts in WebUI (SSO); product: Kiuwan SAST on-premise (KOP) & cloud/SaaS; vulnerable version: <2.8.2509.4; fixed version: 2.8.2509.4; CVE number: CVE-2026-24069; impact: medium…

  • SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI
    on April 3, 2026 at 3:55 am

    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02
    SEC Consult Vulnerability Lab Security Advisory < 20260401-0 >
    title: Broken Access Control; product: Open WebUI; vulnerable version: <v0.8.11; fixed version: v0.8.11; CVE number: CVE-2026-34222; impact: high; homepage: https://openwebui.com; found: 2026-02-06…

  • SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) – Vienna Symphonic Library
    on April 3, 2026 at 3:55 am

    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02
    SEC Consult Vulnerability Lab Security Advisory < 20260326-0 >
    title: Local Privilege Escalation; product: Vienna Assistant (MacOS) – Vienna Symphonic Library; vulnerable version: 1.2.542; fixed version: –; CVE number: CVE-2026-24068; impact: high; homepage: https://www.vsl.co.at/ …

  • Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility
    on April 3, 2026 at 3:54 am

    Posted by Joseph Goydish II via Fulldisclosure on Apr 02
    SUMMARY: Apple’s Oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint (Yandex), and a Swiss GmbH whose privacy policy names “The Legal Entity to be Confirmed” as its data controller. None of this is disclosed to users. This is shared infrastructure. All devices using Live…

  • [KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
    on April 3, 2026 at 3:53 am

    Posted by Egidio Romano on Apr 02
    MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
    [-] Software Link: https://www.metinfo.cn
    [-] Affected Versions: Versions 7.9, 8.0, and 8.1.
    [-] Vulnerability Description: The vulnerable code is located in the…

  • [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
    on April 3, 2026 at 3:52 am

    Posted by cyber security on Apr 02
    A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This issue has been assigned CVE-2026-33691. Impact: Attackers may evade CRS protections and upload web shells disguised with whitespace-padded extensions. Exploitation is most practical on Windows backends that normalize whitespace in filenames…

  • APPLE-SA-03-24-2026-10 Xcode 26.4
    on March 29, 2026 at 3:11 am

    Posted by Apple Product Security via Fulldisclosure on Mar 28
    APPLE-SA-03-24-2026-10 Xcode 26.4
    Xcode 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126801. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.
    otool. Available for: macOS Tahoe 26.2 and later. Impact: An app may be able to cause unexpected system termination. Description: An…

  • APPLE-SA-03-24-2026-9 Safari 26.4
    on March 29, 2026 at 3:11 am

    Posted by Apple Product Security via Fulldisclosure on Mar 28
    APPLE-SA-03-24-2026-9 Safari 26.4
    Safari 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126800. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.
    WebKit. Available for: macOS Sonoma and macOS Sequoia. Impact: Processing maliciously crafted web content may prevent Content Security…

  • APPLE-SA-03-24-2026-8 visionOS 26.4
    on March 29, 2026 at 3:11 am

    Posted by Apple Product Security via Fulldisclosure on Mar 28
    APPLE-SA-03-24-2026-8 visionOS 26.4
    visionOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126799. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.
    802.1X. Available for: Apple Vision Pro (all models). Impact: An attacker in a privileged network position may be able to intercept…

  • APPLE-SA-03-24-2026-7 watchOS 26.4
    on March 29, 2026 at 3:11 am

    Posted by Apple Product Security via Fulldisclosure on Mar 28
    APPLE-SA-03-24-2026-7 watchOS 26.4
    watchOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126798. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.
    802.1X. Available for: Apple Watch Series 6 and later. Impact: An attacker in a privileged network position may be able to intercept…

  • APPLE-SA-03-24-2026-6 tvOS 26.4
    on March 29, 2026 at 3:11 am

    Posted by Apple Product Security via Fulldisclosure on Mar 28
    APPLE-SA-03-24-2026-6 tvOS 26.4
    tvOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126797. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.
    802.1X. Available for: Apple TV HD and Apple TV 4K (all models). Impact: An attacker in a privileged network position may be able to intercept…

  • APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5
    on March 29, 2026 at 3:11 am

    Posted by Apple Product Security via Fulldisclosure on Mar 28
    APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5
    macOS Sonoma 14.8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126796. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.
    802.1X. Available for: macOS Sonoma. Impact: An attacker in a privileged network position may be able to intercept network…

  • APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5
    on March 29, 2026 at 3:10 am

    Posted by Apple Product Security via Fulldisclosure on Mar 28
    APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5
    macOS Sequoia 15.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126795. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.
    802.1X. Available for: macOS Sequoia. Impact: An attacker in a privileged network position may be able to intercept…
