<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-19T23:21:46.973511+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/be033f78-5548-4195-aaeb-c662f828f134/export</id>
    <title>be033f78-5548-4195-aaeb-c662f828f134</title>
    <updated>2026-06-19T23:21:47.362458+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "be033f78-5548-4195-aaeb-c662f828f134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28840", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review", "content": "We\u2019ve received some feedback from those who read the Patch Blog that they would like something similar for macOS updates. Unfortunately, Apple doesn\u2019t schedule these for a particular day, but we can provide our thoughts and analysis on the days they do release their latest patches. \nFor May 2026, Apple released 82 unique CVEs across the three macOS versions: 79 for macOS Tahoe 26.5, 45 for macOS Sequoia 15.7.7, and 42 for macOS Sonoma 14.8.7. Since Apple doesn\u2019t provide CVSS scores or other severity information, we\u2019re left to speculate on which of these bugs is the most severe. However, there are a couple that stand out.\n- CVE-2026-28819 (Wi-Fi) stands out as the strongest candidate for the most severe as it states, \u201cAn app may be able to execute arbitrary code with kernel privileges.\u201d The combination of arbitrary code execution at the kernel level is about as bad as it gets on a severity scale. 
Plus, it affects all three macOS versions (Tahoe, Sequoia, and Sonoma).\n- CVE-2026-43668 (mDNSResponder) also piques my interest since, \u201cA remote attacker may be able to cause unexpected system termination or corrupt kernel memory.\u201d The remote attack vector with kernel memory corruption on all three OS versions makes this a serious one, especially since mDNSResponder is always running.\n- CVE-2026-28972 (Kernel) This one states that \u201cAn app may be able to cause unexpected system termination or write kernel memory.\u201d An out-of-bounds write directly into kernel memory on all three OS versions. This one may also have implications in the upcoming Pwn2Own Berlin contest.\nHere\u2019s a look at all the bugs released by Apple this month:\n\n  82 Unique CVEs\n  79 macOS Tahoe 26.5\n  45 macOS Sequoia 15.7.7\n  42 macOS Sonoma 14.8.7\n\n  \n    CVE ID\n    Component\n    Impact\n    macOS Tahoe 26.5\n    macOS Sequoia 15.7.7\n    macOS Sonoma 14.8.7\n  \n\n\n  \n    CVE-2026-28991\n    Accelerate\n    An app may be able to cause a denial-of-service\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28988\n    Accounts\n    An app may be able to bypass certain Privacy preferences\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28959\n    APFS\n    An app may be able to cause unexpected system termination\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28995\n    App Intents\n    A malicious app may be able to break out of its 
sandbox\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-1837\n    AppleJPEG\n    Processing a maliciously crafted image may lead to a denial-of-service\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28956\n    AppleJPEG\n    Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-39869\n    Audio\n    Processing an audio stream in a maliciously crafted media file may terminate the process\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28922\n    CoreMedia\n    An app may be able to access private information\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28936\n    CoreServices\n    Processing a maliciously crafted file may lead to unexpected app termination\n    Yes\n    No\n    Yes\n  \n  \n    CVE-2026-28918\n    CoreSymbolication\n    Parsing a maliciously crafted file may lead to an unexpected app termination\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28878\n    Crash Reporter\n    An app may be able to enumerate a user's installed apps\n    No\n    Yes\n    No\n  \n  \n    CVE-2026-28915\n    CUPS\n    An app may be able to gain root privileges\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-43659\n    FileProvider\n    An app may be able to access sensitive user data\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28923\n    GPU Drivers\n    A malicious app may be able to break out of its sandbox\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28925\n    HFS\n    An app may be able to cause unexpected system termination or write kernel memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2025-43524\n    Icons\n    An app may be able to break out of its sandbox\n    No\n    Yes\n    Yes\n  \n  \n    CVE-2026-43661\n    ImageIO\n    Processing a maliciously crafted image may corrupt process memory\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28977\n    ImageIO\n    Processing a maliciously crafted file may lead to unexpected app termination\n    
Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28990\n    ImageIO\n    Processing a maliciously crafted image may corrupt process memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28978\n    Installer\n    A malicious app may be able to break out of its sandbox\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28992\n    IOHIDFamily\n    An attacker may be able to cause unexpected app termination\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28943\n    IOHIDFamily\n    An app may be able to determine kernel memory layout\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28969\n    IOKit\n    An app may be able to cause unexpected system termination\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-43655\n    IOSurfaceAccelerator\n    An app may be able to cause unexpected system termination or read kernel memory\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-43654\n    Kernel\n    An app may be able to disclose kernel memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28908\n    Kernel\n    An app may be able to modify protected parts of the file system\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28954\n    Kernel\n    A maliciously crafted disk image may bypass Gatekeeper checks\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28897\n    Kernel\n    A local user may be able to cause unexpected system termination or read kernel memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28952\n    Kernel\n    An app may be able to cause unexpected system termination\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28951\n    Kernel\n    An app may be able to gain root privileges\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28972\n    Kernel\n    An app may be able to cause unexpected system termination or write kernel memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28986\n    Kernel\n    An app may be able to cause unexpected system termination\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28987\n    Kernel\n    An app may be able to leak 
sensitive kernel state\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28983\n    LaunchServices\n    A remote attacker may be able to cause a denial of service\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28929\n    Mail Drafts\n    Replying to an email could display remote images in Mail in Lockdown Mode\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-43653\n    mDNSResponder\n    An attacker on the local network may be able to cause a denial-of-service\n    Yes\n    No\n    Yes\n  \n  \n    CVE-2026-28985\n    mDNSResponder\n    An attacker on the local network may be able to cause a denial-of-service\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-43668\n    mDNSResponder\n    A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-43666\n    mDNSResponder\n    An attacker on the local network may be able to cause a denial-of-service\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28941\n    Model I/O\n    Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents\n    Yes\n    Yes\n    No\n  \n  \n    CVE-2026-28940\n    Model I/O\n    Processing a maliciously crafted image may corrupt process memory\n    Yes\n    Yes\n    No\n  \n  \n    CVE-2026-28961\n    Network Extensions\n    An attacker with physical access to a locked device may be able to view sensitive user information\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28906\n    Networking\n    An attacker may be able to track users through their IP address\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28840\n    PackageKit\n    An app may be able to gain root privileges\n    No\n    Yes\n    Yes\n  \n  \n    CVE-2026-43656\n    Quick Look\n    Parsing a maliciously crafted file may lead to an unexpected app termination\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-43652\n    Sandbox\n    An app may be able to access protected user data\n    Yes\n    No\n    
No\n  \n  \n    CVE-2026-39870\n    SceneKit\n    Processing a maliciously crafted image may corrupt process memory\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28846\n    SceneKit\n    A remote attacker may be able to cause unexpected app termination\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28993\n    Shortcuts\n    An app may be able to access user-sensitive data\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28848\n    SMB\n    A remote attacker may be able to cause unexpected system termination\n    Yes\n    Yes\n    No\n  \n  \n    CVE-2026-28930\n    Spotlight\n    An app may be able to access protected user data\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28974\n    Spotlight\n    An app may be able to cause a denial-of-service\n    Yes\n    Yes\n    No\n  \n  \n    CVE-2026-28996\n    Storage\n    An app may be able to access sensitive user data\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28919\n    StorageKit\n    An app may be able to gain root privileges\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28924\n    Sync Services\n    An app may be able to access Contacts without user consent\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-39871\n    TV App\n    An app may be able to observe unprotected user data\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28976\n    UserAccountUpdater\n    An app may be able to gain root privileges\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-43660\n    WebKit\n    Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28907\n    WebKit\n    Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28962\n    WebKit\n    Processing maliciously crafted web content may disclose sensitive user information\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-43658\n    WebKit\n    Processing maliciously crafted web content may 
lead to an unexpected Safari crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28905\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28847\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28904\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28955\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28903\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28953\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28902\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28901\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28913\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28883\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28958\n    WebKit\n    An app may be able to access sensitive user data\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28917\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28947\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected Safari crash\n    Yes\n 
   No\n    No\n  \n  \n    CVE-2026-28946\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected Safari crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28942\n    WebKit\n    Processing maliciously crafted web content may lead to an unexpected Safari crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28971\n    WebKit\n    A malicious iframe may use another website's download settings\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28944\n    WebRTC\n    Processing maliciously crafted web content may lead to an unexpected process crash\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28819\n    Wi-Fi\n    An app may be able to execute arbitrary code with kernel privileges\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28994\n    Wi-Fi\n    An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets\n    Yes\n    Yes\n    Yes\n  \n  \n    CVE-2026-28914\n    zip\n    A maliciously crafted ZIP archive may bypass Gatekeeper checks\n    Yes\n    No\n    No\n  \n  \n    CVE-2026-28920\n    zlib\n    Visiting a maliciously crafted website may leak sensitive data\n    Yes\n    Yes\n    Yes\n  \n\nWe\u2019ll continue these macOS updates if people find them useful. Stay tuned for the regularly scheduled Patch Tuesday blog covering Adobe and Microsoft.", "creation_timestamp": "2026-05-12T10:21:51.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/be033f78-5548-4195-aaeb-c662f828f134/export"/>
    <published>2026-05-12T10:21:51+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2e3a5f89-2b07-453e-9117-fb7e8ab25b92/export</id>
    <title>2e3a5f89-2b07-453e-9117-fb7e8ab25b92</title>
    <updated>2026-06-19T23:21:47.361472+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "2e3a5f89-2b07-453e-9117-fb7e8ab25b92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-28840", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20260513", "content": "", "creation_timestamp": "2026-05-12T18:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2e3a5f89-2b07-453e-9117-fb7e8ab25b92/export"/>
    <published>2026-05-12T18:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2ac301f2-4d48-4a28-8bcb-c29f6e1bd8ee/export</id>
    <title>2ac301f2-4d48-4a28-8bcb-c29f6e1bd8ee</title>
    <updated>2026-06-19T23:21:47.357472+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2ac301f2-4d48-4a28-8bcb-c29f6e1bd8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28840", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/116753779404601476", "content": "In the last 24 hours, critical exploitation has been detected in PAN-OS GlobalProtect VPN that allows unauthorized access, an advanced NarwhalRAT malware from APT37 that uses LNK and PowerShell scripts to infiltrate, and a vulnerability in MacOS that elevates privileges via Python, as well as techniques for identifying shell companies and avoiding fraud. Discover these and more details in the following list of computer security news:\n\ud83d\uddde\ufe0f LATEST NEWS IN COMPUTER SECURITY \ud83d\udd12====| \ud83d\udd25 WHAT YOU NEED TO KNOW TODAY 15/06/26  \ud83d\udcc6 |==== \n\ud83d\udd10 ALERT: ACTIVE EXPLOITATION OF A VULNERABILITY IN PAN-OS GLOBALPROTECT VPN\nPalo Alto Networks has detected active exploitation of the vulnerability CVE-2026-0257 in its PAN-OS GlobalProtect VPN system. This flaw makes it possible to bypass standard authentication and create unauthorized VPN sessions, putting the corporate network at risk. It is essential to update and strengthen security configurations to prevent improper access and possible data breaches.\nFind out how to protect your infrastructure against this critical threat here \ud83d\udc49 https://djar.co/m4Ku5\n\ud83e\udd88 IN-DEPTH ANALYSIS OF APT37'S NARWHALRAT MALWARE\nThe APT37 group uses a sophisticated Python-based malware called NarwhalRAT that spreads through malicious LNK files that run PowerShell scripts and batch commands. 
This campaign combines advanced themed-phishing techniques, stealth-mode C2 commands and persistence, affecting multiple enterprise environments. Understanding its modus operandi is key to implementing effective defenses.\nSee the full report with indicators of compromise and mitigation strategies here \ud83d\udc49 https://djar.co/nEUM\n\ud83d\udc0d NEW VULNERABILITY IN MACOS ALLOWS PRIVILEGE ESCALATION USING PYTHON\nThe vulnerability CVE-2026-28840 detected in MacOS allows attackers with limited access to elevate their privileges through Python scripts, compromising the integrity of the operating system. This flaw represents a critical risk for users and organizations that depend on Mac environments, especially in sensitive sectors. Updating and applying patches is urgent to close this gap.\nLearn about the technical details and steps to protect your Mac computers here \ud83d\udc49 https://djar.co/LMnK\n\ud83d\udd0d HOW TO IDENTIFY A SHELL COMPANY IN 2026: 7 KEY SIGNS\nIn today's business environment, distinguishing legitimate companies from fictitious ones is vital to avoid fraud and bad investments. This practical guide sets out 7 signs based on OSINT techniques and free tools that will help you verify the authenticity of any company. It includes a detailed, step-by-step analysis of a real case, so that you can apply these methods right away.\nLearn to detect hidden risks and protect your business decisions here \ud83d\udc49 https://djar.co/3pU6", "creation_timestamp": "2026-06-15T11:01:35.537632Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2ac301f2-4d48-4a28-8bcb-c29f6e1bd8ee/export"/>
    <published>2026-06-15T11:01:35.537632+00:00</published>
  </entry>
</feed>
