CVE-2026-0236

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

CVE-2026-0236 Prisma Browser: Code Injection Enables Security Controls Bypass

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

PT-2026-40748

Name of the Vulnerable Software and Affected Versions Prisma Browser on macOS affected versions not specified Description A code injection issue exists where the software fails to properly restrict access to its AppleScript interface. This allows a locally authenticated non-admin user to use an...

CVE-2026-34779

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the...

CVE-2026-34779

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the...

EUVD-2026-18957

Electron: AppleScript injection in app.moveToApplicationsFolder on macOS...

GHSA-5RQW-R77C-JP79 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Impact On macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the...

Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Impact On macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the...

PT-2026-30009

Impact On macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the...

CVE-2022-26698

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of proce...

EUVD-2021-17793

Malware in sbrugna...

EUVD-2005-1334

Malware in sbrugna...

EUVD-2021-17796

Malware in sbrugna...

EUVD-2021-17797

Malware in sbrugna...

EUVD-2011-0199

Malware in sbrugna...

EUVD-2017-5324

Malware in sbrugna...

EUVD-2021-17794

Malware in sbrugna...

EUVD-2009-0940

Malware in sbrugna...

EUVD-2022-27770

Malicious code in bioql PyPI...

EUVD-2025-19900

Malicious code in bioql PyPI...