❌

Reading view

APPLE-SA-05-13-2026-1 Safari 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-13-2026-1 Safari 26.5

Safari 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127121.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content...
  •  

APPLE-SA-05-11-2026-11 visionOS 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-11 visionOS 26.5

visionOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127120.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple Vision Pro (all models)
Impact: An app may be able to cause a denial-of-service
Description:...
  •  

APPLE-SA-05-11-2026-10 watchOS 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-10 watchOS 26.5

watchOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127119.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple Watch Series 6 and later
Impact: An app may be able to cause a denial-of-service
Description:...
  •  

APPLE-SA-05-11-2026-9 tvOS 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-9 tvOS 26.5

tvOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127118.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to cause a denial-of-service...
  •  

APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

macOS Sonoma 14.8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127117.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A...
  •  

APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7

macOS Sequoia 15.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127116.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description:...
  •  

APPLE-SA-05-11-2026-6 macOS Tahoe 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-6 macOS Tahoe 26.5

macOS Tahoe 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127115.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: An...
  •  

APPLE-SA-05-11-2026-5 iOS 15.8.8 and iPadOS 15.8.8

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-5 iOS 15.8.8 and iPadOS 15.8.8

iOS 15.8.8 and iPadOS 15.8.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127114.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Notification Services
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE...
  •  

APPLE-SA-05-11-2026-4 iOS 16.7.16 and iPadOS 16.7.16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-4 iOS 16.7.16 and iPadOS 16.7.16

iOS 16.7.16 and iPadOS 16.7.16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127113.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Notification Services
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,...
  •  

APPLE-SA-05-11-2026-3 iPadOS 17.7.11

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-3 iPadOS 17.7.11

iPadOS 17.7.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127112.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Notification Services
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact:...
  •  

APPLE-SA-05-11-2026-2 iOS 18.7.9 and iPadOS 18.7.9

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-2 iOS 18.7.9 and iPadOS 18.7.9

iOS 18.7.9 and iPadOS 18.7.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127111.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app...
  •  

APPLE-SA-05-11-2026-1 iOS 26.5 and iPadOS 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-1 iOS 26.5 and iPadOS 26.5

iOS 26.5 and iPadOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127110.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro...
  •  

Full disclosure: Impersonation attacks on Edupage portal

Posted by Juraj Kosik on May 17

VULNERABILITY
Non-sanitised submission of malicious SVG files on the Edupage portal in
combination with CSRF vulnerability allows triggering various actions on
behalf of other users, e.g. identity spoofing, sending fake messages,
giving fake approvals, etc.

Full disclosure report: https://jkosik.github.io/posts/edupage/
Reference: https://www.edupage.org/

VENDOR:
Applied Software Consultants

PRODUCT:
Edupage - https://www.edupage.org/
Web...
  •  

Full disclosure: Edupage web and mobile application authorization bypass leaks PII and IBAN codes

Posted by Juraj Kosik on May 17

VULNERABILITY
Both authenticated and publicly accessible anonymous guest accounts on
Edupage portal allow an attacker to capture the complete list of user IDs,
names (students, parents, and teachers), and the associated banking details
(IBAN codes)

Full disclosure report: https://jkosik.github.io/posts/edupage/
Reference: https://www.edupage.org/

VENDOR:
Applied Software Consultants

PRODUCT:
Edupage - https://www.edupage.org/
Web application...
  •  

Dovecot Security Advisory OXDC-2026-0002

Posted by Aki Tuomi on May 17

Hi!

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. This advisory is also published at
https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0002.html

---

Classification: TLP:GREEN

Internal reference: DOV-8967
Type: CWE-235 (Improper Handling of Extra Parameters)
Component: core
Report confidence: Confirmed
Solution...
  •  

ESP-RFID-Tool v2 PRO β€” Full Public Disclosure

Posted by Milan Berger via Fulldisclosure on Apr 29

# Security Advisory: ESP-RFID-Tool v2 PRO

**Product:** ESP-RFID-Tool v2 PRO
**Vendor:** Raik Schneider (Einstein2150), foto-video-it.de
**Repository:** https://github.com/Einstein2150/ESP-RFID-Tool-v2
**Affected Version:** v2.2.1 (latest as of 2026-04-28)
**Severity:** CRITICAL
**Disclosure Type:** Full Public Disclosure
**Disclosure Date:** 2026-04-28
**Researcher:** Milan 't4c' Berger

---

## Disclosure Timeline

| Date | Event |...
  •  

SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29

SEC Consult Vulnerability Lab Security Advisory < 20260427-0 >
=======================================================================
title: Missing TLS Certificate Validation leading to RCE
product: DeskTime Time Tracking App
vulnerable version: 1.3.671
fixed version: -
CVE number: CVE-2025-10539
Β  Β  Β  Β  Β  Β  Β impact: medium
homepage:https://desktime.com...
  •  

SEC Consult SA-20260423-0 :: DLL Hijacking in EfficientLab Controlio (cloud-based employee monitoring service)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29

SEC Consult Vulnerability Lab Security Advisory < 20260423-0 >
=======================================================================
title: DLL Hijacking
product: EfficientLab Controlio (cloud-based employee monitoring service)
vulnerable version: <1.3.95
Β  Β  Β fixed version: 1.3.95
Β  Β  Β  Β  CVE number: CVE-2025-10549
Β  Β  Β  Β  Β  Β  impact: High
homepage:https://controlio.net...
  •  

SEC Consult SA-20260421-0 :: Broken Access Control in Config Endpoint in LiteLLM

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29

SEC Consult Vulnerability Lab Security Advisory < 20260421-0 >
=======================================================================
title: Broken Access Control in Config Endpoint
product: LiteLLM
vulnerable version: <=v1.83.0
Β  Β  Β  fixed version: v1.83.0-nightly
Β  Β  Β  Β  Β CVE number: CVE-2026-35029
Β  Β  Β  Β  Β  Β  Β impact: high
homepage:https://www.litellm.ai/
Β  Β  Β  Β  Β  Β ...
  •  
❌