Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 08

SEC Consult Vulnerability Lab Security Advisory < 20260608-0 >
=======================================================================
title: Privilege Escalation via Binary Planting
            product: Genetec-provided RabbitMQ in multiple Genetec products
vulnerable version: Multiple products, see below.
      fixed version: Multiple products, see below.
CVE number: CVE-2026-25112
           ...

Posted by Moritz Bechler via Fulldisclosure on Jun 08

Advisory ID: SYSS-2026-004
Product: SAP NetWeaver ABAP / SAP_BASIS
Manufacturer: SAP SE
Affected Version(s): SAP_BASIS 700 - 918
Tested Version(s): 7.93 Patch 300
Vulnerability Type: CWE-347: Improper Verification of Cryptographic Signature
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2025-11-06
Solution Date: 2026-02-10...

OpenEMR 7.0.2 - Arbitrary File Read

WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

Posted by Matteo Beccati on Jun 04

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2026-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2026-002
------------------------------------------------------------------------
Date: 2026-06-03
Risk Level: Medium to High
Applications affected: Revive Adserver
Versions...

Drupal Core 10.5.5 - Error-Based SQL Injection

WordPress OrderConvo 14 - Path Traversal

Posted by Thomas Weber | CyberDanube via Fulldisclosure on May 31

CyberDanube Security Research 20260528-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Mennekes Amtron Series and Smart-T PnC
vulnerable version| 5.22.3
fixed version| 5.33.11-21500
CVE number| CVE-2026-8979, CVE-2026-8980
impact| High
homepage| https://www.mennekes.at/
found|...

Posted by binreaper via Fulldisclosure on May 31

Hi all,

Posting a brief summary of a four-finding disclosure on bmcweb (the OpenBMC HTTP/Redfish web server), which ships in
BMC firmware on most modern enterprise servers — Intel, IBM, HPE, NVIDIA, and various ODMs.

Full timeline and analysis on the blog:

https://binreaper.pages.dev/posts/2026-05-27-bmcweb-disclosure/

## Why bmcweb matters

A Baseboard Management Controller boots before the host CPU, has full control over the server...

Notepad++ 8.9.6 - Arbitrary Code Execution

YAMCS yamcs-core 5.12.7 - No Rate Limiting

YAMCS yamcs-core 5.12.7 - User Enumeration

YAMCS yamcs-core 5.12.7 - LDAP Injection

Microsoft - NTLMv2 Hash Capture

MikroORM 7.0.13 - SQL Injection

Prodigy Commerce 3.3.0 - Local File Inclusion

Langflow 1.3.0 - Remote Code Execution

Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ZTE Routers - Unauthenticated Denial of Service