13695 matches found
CVE-2026-0275
A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...
CVE-2026-0275
A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...
CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...
Linux Distros Unpatched Vulnerability : CVE-2026-13975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain...
CVE-2026-13998
Impact: Affected software is Google Chrome on macOS. The vulnerability stems from an incorrect security UI in the File Input component, enabling UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. Root cause: flawed security UI handling in Chrome/Chromium’s...
CVE-2026-43706
CVE-2026-43706 is a memory-management defect (double free) in libxslt affecting macOS Tahoe 26.5.2, iOS 26.5.2, and iPadOS 26.5.2. The root cause is a double-free in processing malicious web content, which may cause an unexpected process crash. Apple lists libxslt as the vulnerable component with...
CVE-2026-43742
CVE-2026-43742 describes a use-after-free vulnerability tied to processing malicious web content, addressed by memory-management fixes in Safari 26.5.2, iOS 26.5.2 / iPadOS 26.5.2, and macOS Tahoe 26.5.2. Connected sources enumerate affected components including WebKit (and WebKit subareas like W...
PT-2026-53710
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...
Google Chrome AddGenericPassword infomation overwrite vulnerability
Summary An infomation overwrite vulnerability exists in the AddGenericPassword functionality of Chrome 148.0.7778.216 Mac arm64. A keychain write from a same-user process can overwrite Chrome’s encryption key, leading to disclosure of sensitive information. An attacker can make a specially crafte...
Malicious code in web3-token-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...
GHSA-C226-Q6FX-6J6C OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
Summary macOS Swift exec allowlist missed combined POSIX inline flags. In affected versions, a command request using combined POSIX inline-command flags could miss inline-command content expressed through combined flags. This advisory is scoped to the named feature and configuration. It does not...
GHSA-8XPQ-CJCF-3WH9 Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...
CVE-2026-42890
CVE-2026-42890 affects the macOS desktop application Actual (version 25.x, Electron 39.2.7). The ELECTRON_RUN_AS_NODE fuse was not disabled, allowing a local attacker who can place a file on disk or influence command-line arguments to invoke Actual.app with ELECTRON_RUN_AS_NODE=1. This converts t...
CVE-2026-42890 actual Allows Electron to Run As Node
Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...
PT-2026-49009
Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.56 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...
CVE-2026-12022
The vulnerability CVE-2026-12022 affects Google Chrome on macOS, where a race in Safe Browsing could allow a renderer‑process–hijacked attacker to escape the sandbox via a malicious file. The issue is tied to Chrome versions prior to 149.0.7827.115; evidence from ENISA/EUVD and Chrome security no...
CVE-2025-46313
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
EUVD-2025-210115
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...
EUVD-2025-210114
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox...