CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

CVE-2026-28988

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...

EUVD-2026-29282

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...

About the security content of macOS Tahoe 26.5

About the security content of macOS Tahoe 26.5 This document describes the security content of macOS Tahoe 26.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

About the security content of visionOS 26.5

About the security content of visionOS 26.5 This document describes the security content of visionOS 26.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

About the security content of iOS 26.5 and iPadOS 26.5

About the security content of iOS 26.5 and iPadOS 26.5 This document describes the security content of iOS 26.5 and iPadOS 26.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

PT-2026-28531

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The objects/playlistsVideos.json.php endpoint does not enforce authentication or authorization checks, allowing access to the full video contents of any playlist by its ID. While private...

Security Bypass Vulnerability in Multiple Apple Products

Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products, which can be exploited by an attacker to...

CVE-2026-28559

wpForo Forum 2.4.14 has an information disclosure flaw in the global RSS feed endpoint that allows unauthenticated access to private and unapproved topics. Requesting the RSS feed without a forum ID bypasses privacy and status filters that are applied when a specific forum ID is present, exposing...

PT-2026-22480

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains an information disclosure issue that allows unauthenticated users to retrieve private and unapproved forum topics. This is possible through the global RSS feed endpoint. When...

PT-2026-22187

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, had a flaw where a user could add targets who had blocked, ignored, or...

CVE-2026-20606

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences...

CVE-2026-20606

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences...

CVE-2026-20606

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to bypass certain Privacy preferences...

CVE-2026-20606

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences...

CVE-2026-20606

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences...

CVE-2026-20606

The CVE-2026-20606 issue was resolved by removing the vulnerable code and is fixed in specific Apple OS updates: macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4; iOS 18.7.5 and iPadOS 18.7.5, and iOS 26.3 and iPadOS 26.3. The vulnerability could allow an app to bypass certain privacy ...

PT-2026-5345

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...

CVE-2025-15523

A flaw was found in the MacOS version of Inkscape. This issue allows a local attacker to bypass Transparency, Consent, and Control TCC permissions by invoking the bundled Python interpreter with arbitrary commands or scripts. This enables unauthorized access to user files in privacy-protected...

Malicious Google Calendar invites could expose private data

Researchers found a way to weaponize calendar invites. They uncovered a vulnerability that allowed them to bypass Google Calendar’s privacy controls using a dormant payload hidden inside an otherwise standard calendar invite. Image courtesy of Miggo An attacker creates a Google Calendar event and...