33085 matches found
Apple Security Advisory 06-29-2026-2
Apple Security Advisory 06-29-2026-2 - macOS Tahoe 26.5.2 addresses double free, out of bounds access, out of bounds write, and use-after-free vulnerabilities...
Mozilla Firefox < 152.0.4
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 152.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-62 advisory. - Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presu...
DEBIAN-CVE-2026-14424
Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12374
Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...
EUVD-2026-41001
Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...
CVE-2026-12374
CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...
Chrome needs another whopper update to fix 382 security bugs
If there was ever a time when it dawned on users how full of holes the software they’ve been using is, it’s now. Last month Microsoft pushed out its biggest patch Tuesday update ever. And yesterday, on the last day of June, Google published an update which included a whopping 382 security fixes...
EUVD-2026-40719
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...
EUVD-2026-40600
Inappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...
EUVD-2026-40564
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40566
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
PT-2026-54619
Name of the Vulnerable Software and Affected Versions Cato Client versions prior to 5.13.1 Description The PrivilegedHelperTool XPC service on macOS contains improper certificate validation and a time-of-check time-of-use TOCTOU race condition. A TOCTOU race condition occurs when a program checks...
Mozilla Thunderbird < 140.12.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-64 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content,...
Linux Distros Unpatched Vulnerability : CVE-2026-13944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific...
DEBIAN-CVE-2026-13792
Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-14101
Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14025
Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13878
CVE-2026-13878: A use-after-free in Bluetooth in Google Chrome on macOS (before 150.0.7871.47) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome on macOS; root cause: use-after-free in ...
PT-2026-54082
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the GFX component of Google Chrome on Mac. This occurs when the software continues to use a memory location after it has been freed, which can be...
Amazon Kiro IDE < 0.11.133 Incorrect Default Permissions
The version of Amazon Kiro IDE installed on the remote host is prior to 0.11.133. It is, therefore, affected by an information disclosure vulnerability. - Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other...