CVE-2026-28946

• Apple Inc./Apple Tvllm-fuzzy

  Range: <=26.5
• Apple Inc./Safarillm-fuzzy

  Range: <=26.5

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• support.apple.com/en-us/127115nvdRelease NotesVendor Advisory
• support.apple.com/en-us/127121nvd

• Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
  BleepingComputer · May 14, 2026
• ZDI-26-313: Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability
  Zero Day Initiative · May 12, 2026
• ZDI-26-312: Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability
  Zero Day Initiative · May 12, 2026
• Apple Patches Everything, (Mon, May 11th)
  SANS Internet Storm Center · May 11, 2026
• Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
  Unit 42 · May 7, 2026
• Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin
  Wordfence Blog · May 5, 2026
• CloudZ RAT potentially steals OTP messages using Pheno plugin
  Cisco Talos Intelligence · May 5, 2026
• Open-source privacy proxy masks PII before prompts reach external AI services
  Help Net Security · May 1, 2026
• SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
  The Hacker News · Apr 29, 2026
• Today's Odd Web Requests, (Wed, Apr 29th)
  SANS Internet Storm Center · Apr 29, 2026
• HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
  SANS Internet Storm Center · Apr 28, 2026
• Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
  Wordfence Blog · Apr 16, 2026
• 30th March – Threat Intelligence Report
  Check Point Research · Mar 30, 2026
• Risky Business #830 -- LiteLLM and security scanner supply chains compromised
  Risky Business · Mar 25, 2026
• Siemens SIMATIC
  CISA Alerts