โŒ

Normal view

APPLE-SA-03-24-2026-10 Xcode 26.4

29 March 2026 at 03:11

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-10 Xcode 26.4

Xcode 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126801.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

otool
Available for: macOS Tahoe 26.2 and later
Impact: An app may be able to cause unexpected system termination
Description: An...

APPLE-SA-03-24-2026-9 Safari 26.4

29 March 2026 at 03:11

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-9 Safari 26.4

Safari 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126800.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content
Security...

APPLE-SA-03-24-2026-8 visionOS 26.4

29 March 2026 at 03:11

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-8 visionOS 26.4

visionOS 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126799.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: Apple Vision Pro (all models)
Impact: An attacker in a privileged network position may be able to
intercept...

APPLE-SA-03-24-2026-7 watchOS 26.4

29 March 2026 at 03:11

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-7 watchOS 26.4

watchOS 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126798.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: Apple Watch Series 6 and later
Impact: An attacker in a privileged network position may be able to
intercept...

APPLE-SA-03-24-2026-6 tvOS 26.4

29 March 2026 at 03:11

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-6 tvOS 26.4

tvOS 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126797.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker in a privileged network position may be able to
intercept...

APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5

29 March 2026 at 03:11

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5

macOS Sonoma 14.8.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126796.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: macOS Sonoma
Impact: An attacker in a privileged network position may be able to
intercept network...

APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5

29 March 2026 at 03:10

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5

macOS Sequoia 15.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126795.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: macOS Sequoia
Impact: An attacker in a privileged network position may be able to
intercept...

APPLE-SA-03-24-2026-3 macOS Tahoe 26.4

29 March 2026 at 03:10

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-3 macOS Tahoe 26.4

macOS Tahoe 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126794.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: macOS Tahoe
Impact: An attacker in a privileged network position may be able to
intercept network...

APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7

29 March 2026 at 03:10

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7

iOS 18.7.7 and iPadOS 18.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126793.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker in...

APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4

29 March 2026 at 03:10

Posted by Apple Product Security via Fulldisclosure on Mar 28

APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4

iOS 26.4 and iPadOS 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126792.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

802.1X
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro 11-inch 1st...

[KIS-2026-05] MailEnable <= 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities

29 March 2026 at 03:10

Posted by Egidio Romano on Mar 28

---------------------------------------------------------------------------
MailEnable <= 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities
---------------------------------------------------------------------------

[-] Software Link:

https://www.mailenable.com

[-] Affected Versions:

Version 10.54 and prior versions.

[-] Vulnerabilities Description:

1) Vulnerable code in ManageShares.aspx

User input passed through the...

OpenClaw MEDIA: Protocol Prompt Injection - File Disclosure Bypassing Tool Permissions (Silently Fixed, Report Denied)

29 March 2026 at 03:10

Posted by Guang Gong on Mar 28

OpenClaw MEDIA: Protocol Prompt Injection - File Disclosure Bypassing Tool
Permissions
======================================================================================

OVERVIEW
--------
A file disclosure vulnerability in OpenClaw (AI personal assistant
platform)
allows any group chat member (Discord/Telegram/WhatsApp) to exfiltrate
local
files - including LLM provider API keys, conversation history, and system
prompts - via the...

Dovecot Security Advisory OXDC-2026-0001

29 March 2026 at 03:09

Posted by Aki Tuomi on Mar 28

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed to finding and solving those
vulnerabilities. This advisory is also published at
https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html

---

Classification: TLP:GREEN

Internal reference: DOV-7830
Type: CWE-1250 (Improper Preservation of Consistency Between Independent Representations of...

CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref)

29 March 2026 at 03:09

Posted by Abhinav Agarwal on Mar 28

Two memory safety vulnerabilities in libfuse's io_uring code path
(introduced in 3.18.0) have been fixed in libfuse 3.18.2. Only the
io_uring transport is affected; the traditional /dev/fuse path is not.

Affected versions: libfuse >= 3.18.0, < 3.18.2
Fixed in: libfuse 3.18.2
https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2

CVE-2026-33150: Use-After-Free
Severity: High (CVSS 7.8)
CWE: CWE-416

Use-after-free in io_uring...

snap-confine + systemd-tmpfiles = root (CVE-2026-3888)

19 March 2026 at 14:31

Posted by Qualys Security Advisory via Fulldisclosure on Mar 19

Qualys Security Advisory

Good things come to those who wait:
snap-confine + systemd-tmpfiles = root (CVE-2026-3888)

========================================================================
Contents
========================================================================

Summary
Case study: Ubuntu Desktop 24.04
- Analysis
- Exploitation
Case study: Ubuntu Desktop 25.10
- Overview
- Exploitation
A quick note on the uutils coreutils (the...

APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2

19 March 2026 at 14:31

Posted by Apple Product Security via Fulldisclosure on Mar 19

APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1,
iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2

Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS
26.3.1, and macOS 26.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126604.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software...

SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS

19 March 2026 at 14:30

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Mar 19

SEC Consult Vulnerability Lab Security Advisory < 20260318-0 >
=======================================================================
title: Multiple Privilege Escalation Vulnerabilities
product: Arturia Software Center MacOS
vulnerable version: 2.12.0.3157
fixed version: -
CVE number: CVE-2026-24062, CVE-2026-24063
impact: high
homepage:...

SEC Consult SA-20260317-0 :: Multiple vulnerabilities in PEGA Infinity platform

19 March 2026 at 14:30

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Mar 19

SEC Consult Vulnerability Lab Security Advisory < 20260317-0 >
=======================================================================
title: Multiple vulnerabilities
product: PEGA Infinity platform
vulnerable version: CVE-2025-62181: Pega Platform versions 7.1.0 through Infinity 25.1.0
                    CVE-2025-9559: Pega Platform versions 8.7.5 to Infinity 24.2.2
fixed version:...

UPDATE: Ant Group Censors 4 Security Research Articles After Initial Complaint Rejection

17 March 2026 at 05:01

Posted by Jiqiang Feng via Fulldisclosure on Mar 16

[This is an update to communications sent March 12-14 regarding Alipay security vulnerabilities.]

---

On March 15, 2026, four WeChat articles documenting security vulnerabilities in Alipay were forcibly deleted from the
public account AI-security-innora. The deletion was carried out by Tencent at the request of Beijing Geyun Law Firm,
acting on behalf of Ant Group, citing China's Cybersecurity Law.

The same complaint had been rejected...

JSON Deserialiser Unconstrained Resource Consumption Quick Overview

12 March 2026 at 22:02

Posted by Daniel Owens via Fulldisclosure on Mar 12

As previously mentioned, via "Struts2 and Related Framework Array/Collection DoS" (26 October 2025), hundreds of
JavaScript object notation (JSON) libraries are vulnerable to unconstrained resource consumption through large JSON
arrays, which, when deserialised, create arbitrarily large collections/arrays/data structures. This work looks
specifically at the Apache Struts2 JSON Plugin, using it as an example for why this...
โŒ