CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

CVE-2025-14714

CVE-2025-14714 affects LibreOffice on macOS (25.2.x) prior to 25.2.4. The root cause is an Authentication Bypass where the application bundles a Python interpreter that inherits the user’s TCC permissions; executing the bundled interpreter directly causes attacker scripts to run with the applicat...

EUVD-2025-203361

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

CVE-2025-43519

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...

CVE-2025-43510

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpect...

CVE-2025-36744

SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information...

CVE-2025-13506

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database.This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

Remote Code Execution (RCE)

redaxo/source is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...

CVE-2025-14586

CVE-2025-14586 affects TOTOLINK X5000R 9.1.0cu.2089_B20211224. The vulnerability is in snprintf in /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, where manipulation of the User argument leads to an OS command injection. Remote exploitation is possible and has been publicly disclosed. Connected...

TOTOLINK X5000R 操作系统命令注入漏洞

TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK X5000R version 9.1.0cu.2089B20211224, which stems from incorrect operation of the parameter User in the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, which could...

CVE-2025-43530

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data...

CVE-2025-43516

A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user's activity...

CVE-2025-43437

An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user...

CVE-2025-43465

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43437

An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user...

CVE-2025-43466

An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43351

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...