Lucene search
K

32995 matches found

Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.8 views

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

Summary The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDGRUNTIMEDIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-/daemon.pid. Because the write does not us...

6.1CVSS5.5AI score0.00077EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/17 1:38 a.m.6 views

CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.4AI score0.00143EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score0.00077EPSS
Exploits1References8
NVD
NVD
added 2026/06/16 7:17 p.m.12 views

CVE-2026-53861

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command...

9.8CVSS0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 7:17 p.m.10 views

CVE-2026-53853

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted...

8.3CVSS0.00347EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 7:11 p.m.8 views

Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

8.4CVSS5.8AI score0.00144EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/16 6:5 p.m.21 views

CVE-2026-53861

OpenClaw before 2026.5.6 has an allowlist bypass in the macOS Swift exec feature due to missing handling for combined POSIX inline flags. The vulnerability enables attackers to run shell content outside the intended allowlist check by using combined flag forms, with impact depending on operator c...

9.8CVSS5.7AI score0.0024EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/16 6:5 p.m.17 views

CVE-2026-53853

OpenClaw

8.3CVSS5.6AI score0.00347EPSS
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 3:2 a.m.16 views

Malicious code in vitest-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39810890a1ffc946b3da439738fb619eab1613a775a308d6f248b80b38ce5603 Package vitest-pro is a namespace-abuse lure: its name suggests a vitest extension, but its source tree, README, and main entry lib/nodemailer.js are...

5.3AI score
Exploits0References2
OSV
OSV
added 2026/06/16 3:2 a.m.9 views

MAL-2026-5862 Malicious code in vitest-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39810890a1ffc946b3da439738fb619eab1613a775a308d6f248b80b38ce5603 Package vitest-pro is a namespace-abuse lure: its name suggests a vitest extension, but its source tree, README, and main entry lib/nodemailer.js are...

5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49778

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description The macOS Swift exec feature contains an allowlist bypass. The issue occurs because the system fails to account for combined POSIX inline-command flags, which are shorthand ways of grouping...

9.8CVSS5.6AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-49770

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An argument pattern validation bypass exists in the exec allowlist on Linux and macOS systems. When tools.exec.security is set to allowlist, the system skips argPattern checks and treats a...

8.3CVSS5.3AI score0.00347EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.8 views

Mozilla Thunderbird < 140.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-61 advisory. - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,...

9.6CVSS6AI score0.00476EPSS
Exploits0References30
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.28 views

Google Chrome < 149.0.7827.155 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.155. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01750511403 advisory. - Use after free in Extensions in Google Chrome prior to...

9.6CVSS6AI score0.00601EPSS
Exploits0References67
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.6 views

Mozilla Firefox ESR < 115.37

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.37. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-59 advisory. - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 1...

9.6CVSS6.2AI score0.00476EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.6 views

Mozilla Firefox ESR < 140.12

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-58 advisory. - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird...

9.6CVSS6.2AI score0.00476EPSS
Exploits0References30
Adobe
Adobe
added 2026/06/16 12:0 a.m.13 views

APSB26-67 : Security update available for Adobe DNG SDK

Adobe has released an update for the Adobe DNG Software Development Kit SDK for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure...

6.2AI score
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36791

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.3AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-11931

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS0.00115EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 6:33 p.m.85 views

CVE-2026-11931

CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...

6.8CVSS5.3AI score0.00115EPSS
Exploits0References2
Rows per page
Query Builder