Lucene search
+L

33085 matches found

Packet Storm News
Packet Storm News
added 2026/07/03 12:0 a.m.6 views

Apple Security Advisory 06-29-2026-2

Apple Security Advisory 06-29-2026-2 - macOS Tahoe 26.5.2 addresses double free, out of bounds access, out of bounds write, and use-after-free vulnerabilities...

9.1CVSS7AI score0.00371EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Mozilla Firefox < 152.0.4

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 152.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-62 advisory. - Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presu...

9.8CVSS6.2AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 11:16 p.m.4 views

DEBIAN-CVE-2026-14424

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:16 p.m.8 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS0.00055EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 2:7 p.m.6 views

EUVD-2026-41001

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:7 p.m.43 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/07/01 11:40 a.m.7 views

Chrome needs another whopper update to fix 382 security bugs

If there was ever a time when it dawned on users how full of holes the software they’ve been using is, it’s now. Last month Microsoft pushed out its biggest patch Tuesday update ever. And yesterday, on the last day of June, Google published an update which included a whopping 382 security fixes...

9.6CVSS6AI score0.00316EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40719

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...

6.1AI score0.0026EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40600

Inappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40564

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40566

Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0028EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54619

Name of the Vulnerable Software and Affected Versions Cato Client versions prior to 5.13.1 Description The PrivilegedHelperTool XPC service on macOS contains improper certificate validation and a time-of-check time-of-use TOCTOU race condition. A TOCTOU race condition occurs when a program checks...

7.3CVSS6.1AI score0.00055EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Mozilla Thunderbird < 140.12.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-64 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content,...

6.5CVSS6.2AI score0.00203EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-13944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific...

3.1CVSS6.2AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 p.m.5 views

DEBIAN-CVE-2026-13792

Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00316EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.8 views

CVE-2026-14101

Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.8AI score0.00243EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.26 views

CVE-2026-14025

Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

0.00316EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.20 views

CVE-2026-13878

CVE-2026-13878: A use-after-free in Bluetooth in Google Chrome on macOS (before 150.0.7871.47) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome on macOS; root cause: use-after-free in ...

9.6CVSS5.8AI score0.0028EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54082

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the GFX component of Google Chrome on Mac. This occurs when the software continues to use a memory location after it has been freed, which can be...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Amazon Kiro IDE < 0.11.133 Incorrect Default Permissions

The version of Amazon Kiro IDE installed on the remote host is prior to 0.11.133. It is, therefore, affected by an information disclosure vulnerability. - Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other...

6.8CVSS6AI score0.00122EPSS
Exploits0References3
Rows per page
Query Builder