fulldisclosure  

Messages by Thread

• [FD] APPLE-SA-09-29-2025-6 visionOS 26.0.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 Apple Product Security via Fulldisclosure
• Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure
• [FD] CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630 Thomas Weber | CyberDanube via Fulldisclosure
• [FD] CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series Thomas Weber | CyberDanube via Fulldisclosure
• [FD] xpra server information disclosure Antoine Martin via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker Stefan Kanthak via Fulldisclosure
• [FD] libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument Ron E
• [FD] Current Password not Required When Changing Password - flatpressv1.4.1 Andrey Stoykov
• [FD] [CFP] Burning River Cyber Con '25 - Cleveland, OH Burning River Cyber Con via Fulldisclosure
• [FD] libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation Ron E
• [FD] SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare) SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] libheif v1.21.0 Null Pointer Dereference in std::vector<unsigned>::empty Ron E
• [FD] DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode) Ron E
• [FD] FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation Ron E
• [FD] Asterisk Security Release 20.15.2 Asterisk Development Team via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-12 Xcode 26 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-11 Safari 26 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-10 visionOS 26 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-5 macOS Tahoe 26 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-9 watchOS 26 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-8 tvOS 26 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-7 macOS Sonoma 14.8 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-6 macOS Sequoia 15.7 Apple Product Security via Fulldisclosure
• [FD] libicns v0.8.1 Signed Integer Overflow in libicns during .icns file parsing Ron E
• [FD] APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7 Apple Product Security via Fulldisclosure
• [FD] libvips v8.18.0 Function Pointer Type Confusion in libvips Callback Dispatch Ron E
• [FD] libwmf v0.2.13 Integer Overflow in libwmf Left-Shift Operations (wmf.c, fig.c, svg.c) Ron E
• [FD] SEC Consult SA-20250911-0 :: Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider (SP) (ODBC interface) SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] CHMLib 0.40a Integer Overflow in _unmarshal_int32 / _unmarshal_uint32 During CHM Header Parsing Ron E
• [FD] libicns v0.8.1 Out-of-Bounds Read in libicns icns_family.c when parsing malformed .icns files Ron E
• [FD] CHMLIB 0.40a Integer Overflow in LZX Decompression of CHMLib Ron E
• [FD] gbsplay 0.0.100-18 Heap Buffer Overflow in update_status_on_subsong_change in gbsplay Ron E
• [FD] libicns v0.8.1 Heap Buffer Overflow in libicns ICNS Parsing (icns2png) Ron E
• [FD] Asterisk Security Release 21.10.2 Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 22.5.2 Asterisk Development Team via Fulldisclosure
• [FD] FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables Ron E
• [FD] Submission of Critical Firmware Parameters – PCIe HCA Cards Taylor Newsome
• [FD] libheif v1.21.0 Null Pointer Dereference in Box_hdlr::get_handler_type Ron E
• [FD] CVE-2024-45438 - SpamTitan Unauthenticated User Creation Seralys Research Team via Fulldisclosure
• [FD] Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss Joseph Goydish II via Fulldisclosure
  • Re: [FD] Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss Matthew Fernandez
  • Re: [FD] Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss josephgoyd via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 92): more stupid blunders of Windows' File Explorer Stefan Kanthak via Fulldisclosure
• [FD] FFmpeg 7.0+ Integer Overflow in FFmpeg cache: Protocol (CacheEntry::size) Ron E
• [FD] APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1 Apple Product Security via Fulldisclosure
• [FD] libheif v1.21.0 Out-of-Bounds Read in FullBox::get_flags Ron E
• [FD] FFmpeg 7.0+ Integer Overflow in DSCP Option Handling of FFmpeg UDP Protocol Ron E
• [FD] Critical Security Report – Remote Code Execution via Persistent Discord WebRTC Automation Taylor Newsome
• [FD] FFmpeg 7.0+ Integer Overflow in UDP Protocol Handler (fifo_size option) Ron E
• [FD] FFmpeg 7.0+ NULL Pointer Dereference in FFmpeg String Handling (avstring.c) Ron E
• [FD] FFmpeg 7.0+ Type Confusion in FFmpeg Function Pointer Calls (libavformat/utils.c) Ron E
• [FD] FFmpeg 7.0+ Heap Use-After-Free in FFmpeg HLS Demuxer (libavformat/utils.c) Ron E
• [FD] DjVuLibre 3.5.29 ZPCodec Unsigned Integer Overflow in Arithmetic Encoding Ron E
• [FD] libheif v1.21.0 Out-of-Bounds Read in Box_stts::get_sample_duration Ron E
• [FD] libheif 1.21.0 Use-After-Free / Dangling shared_ptr in Track Chunk Handling Ron E
• [FD] libheif v1.21.0 Heap Buffer Overflow in Chunk::Chunk Ron E
• [FD] APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-08-20-2025-2 iPadOS 17.7.10 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2 Apple Product Security via Fulldisclosure
• [FD] CSV Injection - silverstripecmsv6.0.0 Andrey Stoykov
• [FD] Host Header Injection - silverstripecmsv6.0.0 Andrey Stoykov
• [FD] [Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms) josephgoyd via Fulldisclosure
• [FD] (iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials josephgoyd via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-18.9-cert17 George Joseph via Fulldisclosure
• [FD] Asterisk Security Release 18.26.4 Asterisk Development Team via Fulldisclosure
• [FD] liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service Ron E
• [FD] Insufficient Resource Allocation Limits in nopCommerce v4.10 and v4.80.3 Excel Import Functionality Ron E
• [FD] Multi-Protocol Traceroute Usman Saeed via Fulldisclosure
• [FD] SEC Consult SA-20250728-0 :: Stored Cross-Site-Scripting in Optimizely Episerver CMS SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] CSV Injection in nopcommerce v4.10 and 4.80.3 Ron E
• [FD] Session Fixation Vulnerability in iDempiere WebUI v 12.0.0.202508171158 Ron E
• [FD] Insufficient Session Cookie Invalidation in nopCommerce v4.10 and 4.80.3 Ron E
• [FD] CSV Injection in iDempiere WebUI 12.0.0.202508171158 Ron E
• [FD] liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS) Ron E
• [FD] Piciorgros TMO-100: Unauthorized configuration change via TFTP (CVE-2025-29617) Georg Lukas
• [FD] Piciorgros TMO-100: Unauthorized log data access Georg Lukas
• [FD] [tool] CRSprober Jozef Sudolsky
• [FD] iOS 18.6 - Undocumented TCC Access to Multiple Privacy Domains via preflight=yes josephgoyd via Fulldisclosure
• [FD] Kigen eUICC issue (custom backdoor vs. FW update bug) Security Explorations
• [FD] PlayReady Activation protocol issues (weak auth / fake client identities) Security Explorations
• [FD] Defense in depth -- the Microsoft way (part 91): yet another 30 year old bug of the "Properties" shell extension Stefan Kanthak via Fulldisclosure
• [FD] Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) Sandro Gauci via Fulldisclosure
• [FD] APPLE-SA-07-30-2025-1 Safari 18.6 Apple Product Security via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission Stefan Kanthak via Fulldisclosure
• [FD] St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini Thomas Weber | CyberDanube via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-8 visionOS 2.6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-7 tvOS 18.6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-6 watchOS 11.6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-3 macOS Sequoia 15.6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-2 iPadOS 17.7.9 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 Apple Product Security via Fulldisclosure
• [FD] Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability Egidio Romano
• [FD] CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL) Sanjay Singh
• [FD] Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability Egidio Romano
• [FD] Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0 Andrey Stoykov
• [FD] Stored XSS "Create Page" Functionality - seotoasterv2.5.0 Andrey Stoykov
• [FD] Open Redirect "Login Page" Functionality - seotoasterv2.5.0 Andrey Stoykov
• [FD] Stored XSS "Edit Header" Functionality - seotoasterv2.5.0 Andrey Stoykov
• [FD] [KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability Egidio Romano
• [FD] AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361) Marcus Krueppel
• [FD] KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure
• [FD] Multiple vulnerabilities in the web management interface of Intelbras routers Gabriel Augusto Vaz de Lima via Fulldisclosure
  • Re: [FD] Multiple vulnerabilities in the web management interface of Intelbras routers Palula Brasil
• [FD] Missing Critical Security Headers in OpenBlow Tifa Lockhart via Fulldisclosure
• [FD] SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function Office nullFaktor GmbH
• [FD] Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities Egidio Romano
• [FD] KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection KoreLogic Disclosures via Fulldisclosure
• [FD] eSIM security research (GSMA eUICC compromise and certificate theft) Security Explorations
• [FD] Directory Traversal "Site Title" - bluditv3.16.2 Andrey Stoykov
• [FD] XSS via SVG File Uploa - bluditv3.16.2 Andrey Stoykov
• [FD] Stored XSS "Add New Content" Functionality - bluditv3.16.2 Andrey Stoykov
• [FD] Session Fixation - bluditv3.16.2 Andrey Stoykov
• [FD] Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag Brian Carpenter via Fulldisclosure
• [FD] CVE-2025-32975 - Quest KACE SMA Authentication Bypass Seralys Research Team via Fulldisclosure
• [FD] CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload Seralys Research Team via Fulldisclosure
• [FD] RansomLord (NG v1.0) anti-ransomware exploit tool malvuln
• [FD] CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement Seralys Research Team via Fulldisclosure
• [FD] CVE-2025-32976 - Quest KACE SMA 2FA Bypass Seralys Research Team via Fulldisclosure
• [FD] Disclosure Yealink Cloud vulnerabilities Jeroen Hermans via Fulldisclosure
• [FD] SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure
  • Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection Stefan Kanthak
• [FD] CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 Sanjay Singh
• [FD] ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page Ron E
• [FD] ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path Ron E
• [FD] Local information disclosure in apport and systemd-coredump Qualys Security Advisory via Fulldisclosure
• [FD] Stored XSS via File Upload - adaptcmsv3.0.3 Andrey Stoykov
• [FD] IDOR "Change Password" Functionality - adaptcmsv3.0.3 Andrey Stoykov
• [FD] Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Andrey Stoykov
• [FD] Authenticated File Upload to RCE - adaptcmsv3.0.3 Andrey Stoykov
• [FD] Stored XSS in "Description" Functionality - cubecartv6.5.9 Andrey Stoykov
• [FD] Multiple Vulnerabilities in SAP GuiXT Scripting Michał Majchrowicz via Fulldisclosure
• [FD] CVE-2024-47081: Netrc credential leak in PSF requests library Juho Forsén via Fulldisclosure
• [FD] Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) Housma mardini
• [FD] Youpot honeypot Jacek Lipkowski via Fulldisclosure
• [FD] SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework Ron E
• [FD] SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086 Shaikh Shahnawaz
• [FD] CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay Sebastian Auwärter via Fulldisclosure
• [FD] SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Session Invalidation in Economizzer Allows Unauthorized Access After Logout Ron E
• [FD] Persistent Cross-Site Scripting in Economizzer Category Entry Ron E
• [FD] Persistent Cross-Site Scripting in Economizzer Cashbook Entry Ron E
• [FD] APPLE-SA-05-12-2025-9 Safari 18.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-8 visionOS 2.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-7 tvOS 18.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-6 watchOS 11.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-3 macOS Sequoia 15.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-2 iPadOS 17.7.7 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-05-12-2025-1 iOS 18.5 and iPadOS 18.5 Apple Product Security via Fulldisclosure
• [FD] [KIS-2025-02] Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability Egidio Romano
• [FD] secuvera-SA-2025-01: Privilege Escalation in Automic Automation Agent Unix Flo Schäfer via Fulldisclosure
• [FD] Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing hyp3rlinx
• [FD] [IWCC 2025] CfP: 14th International Workshop on Cyber Crime - Ghent, Belgium, Aug 11-14, 2025 Artur Janicki via Fulldisclosure
• [FD] Inedo ProGet Insecure Reflection and CSRF Vulnerabilities Daniel Owens via Fulldisclosure
• [FD] Microsoft ".library-ms" File / NTLM Information Disclosure (Resurrected 2025) hyp3rlinx
• [FD] Ruby on Rails Cross-Site Request Forgery Daniel Owens via Fulldisclosure
• [FD] HNS-2025-10 - HN Security Advisory - Local privilege escalation in Zyxel uOS Marco Ivaldi
• [FD] APPLE-SA-04-16-2025-4 visionOS 2.4.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-04-16-2025-3 tvOS 18.4.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1 Apple Product Security via Fulldisclosure
• [FD] Stored XSS in "Message" Functionality - AlegroCartv1.2.9 Andrey Stoykov
• [FD] Business Logic Flaw: Price Manipulation - AlegroCartv1.2.9 Andrey Stoykov
• [FD] XSS via SVG Image Upload - AlegroCartv1.2.9 Andrey Stoykov
• [FD] BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution Housma mardini
• [FD] [CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x) Rafael Pedrero
• [FD] [KIS-2025-01] UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability Egidio Romano
• [FD] OXAS-ADV-2025-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
• [FD] 10 vulnerabilities in Brocade Fibre Channel switches Pierre Kim
• [FD] APPLE-SA-04-01-2025-1 watchOS 11.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-11 visionOS 2.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-4 iPadOS 17.7.6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-10 tvOS 18.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11 Apple Product Security via Fulldisclosure

• Earlier messages