Lucene search
K

13695 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-0275

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-0275

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS6AI score0.0011EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 6:30 a.m.37 views

CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.01324EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain...

5.3CVSS6.2AI score0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.64 views

CVE-2026-13998

Impact: Affected software is Google Chrome on macOS. The vulnerability stems from an incorrect security UI in the File Input component, enabling UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. Root cause: flawed security UI handling in Chrome/Chromium’s...

4.2CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/29 7:43 p.m.18 views

CVE-2026-43706

CVE-2026-43706 is a memory-management defect (double free) in libxslt affecting macOS Tahoe 26.5.2, iOS 26.5.2, and iPadOS 26.5.2. The root cause is a double-free in processing malicious web content, which may cause an unexpected process crash. Apple lists libxslt as the vulnerable component with...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2026/06/29 7:42 p.m.26 views

CVE-2026-43742

CVE-2026-43742 describes a use-after-free vulnerability tied to processing malicious web content, addressed by memory-management fixes in Safari 26.5.2, iOS 26.5.2 / iPadOS 26.5.2, and macOS Tahoe 26.5.2. Connected sources enumerate affected components including WebKit (and WebKit subareas like W...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References3Affected Software4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53710

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...

6.5CVSS5.9AI score0.00202EPSS
Exploits0References7
Talos
Talos
added 2026/06/23 12:0 a.m.16 views

Google Chrome AddGenericPassword infomation overwrite vulnerability

Summary An infomation overwrite vulnerability exists in the AddGenericPassword functionality of Chrome 148.0.7778.216 Mac arm64. A keychain write from a same-user process can overwrite Chrome’s encryption key, leading to disclosure of sensitive information. An attacker can make a specially crafte...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 10:38 p.m.11 views

Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References9
OSV
OSV
added 2026/06/18 2:52 p.m.5 views

GHSA-C226-Q6FX-6J6C OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags

Summary macOS Swift exec allowlist missed combined POSIX inline flags. In affected versions, a command request using combined POSIX inline-command flags could miss inline-command content expressed through combined flags. This advisory is scoped to the named feature and configuration. It does not...

6.6CVSS5.6AI score0.0024EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 7:11 p.m.6 views

GHSA-8XPQ-CJCF-3WH9 Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

5.2CVSS5.8AI score0.00144EPSS
Exploits1References2
CVE
CVE
added 2026/06/12 6:58 p.m.35 views

CVE-2026-42890

CVE-2026-42890 affects the macOS desktop application Actual (version 25.x, Electron 39.2.7). The ELECTRON_RUN_AS_NODE fuse was not disabled, allowing a local attacker who can place a file on disk or influence command-line arguments to invoke Actual.app with ELECTRON_RUN_AS_NODE=1. This converts t...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:58 p.m.33 views

CVE-2026-42890 actual Allows Electron to Run As Node

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-49009

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.56 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 8:48 p.m.28 views

CVE-2026-12022

The vulnerability CVE-2026-12022 affects Google Chrome on macOS, where a race in Safe Browsing could allow a renderer‑process–hijacked attacker to escape the sandbox via a malicious file. The issue is tied to Chrome versions prior to 149.0.7827.115; evidence from ENISA/EUVD and Chrome security no...

8.3CVSS5.5AI score0.00166EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2025-46313

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.5CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:47 p.m.10 views

EUVD-2025-210115

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:47 p.m.11 views

EUVD-2025-210114

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox...

8.8CVSS5.4AI score0.00127EPSS
Exploits0References1
Rows per page
Query Builder