Lucene search
+L

414 matches found

Vulnrichment
Vulnrichment
added 2025/07/29 11:28 p.m.1 views

CVE-2025-43184

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.4. A shortcut may be able to bypass sensitive Shortcuts app settings...

5.6AI score0.00689EPSS
Exploits0References3
CVE
CVE
added 2025/07/29 11:28 p.m.21 views

CVE-2025-43184

CVE-2025-43184 affects macOS Shortcuts settings handling. The issue involves bypassing sensitive Shortcuts app settings, which was addressed by adding an additional user-consent prompt. Apple patches are available in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, and macOS Sequoia 15.4. The underlyin...

9.8CVSS5.8AI score0.00689EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/07/29 11:28 p.m.9 views

CVE-2025-43184

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensitive Shortcuts app settings...

0.00689EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/25 12:26 p.m.6 views

CVE-2024-12310

A vulnerability in Imprivata Enterprise Access Management formerly Imprivata OneSign allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...

7CVSS7.2AI score0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/23 11:53 a.m.3 views

CVE-2024-12310 Bypass of Login Screen on Shared Kiosk Workstations

A vulnerability in Imprivata Enterprise Access Management formerly Imprivata OneSign allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...

7CVSS6.5AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2025/07/23 11:53 a.m.16 views

CVE-2024-12310

CVE-2024-12310 concerns Imprivata Enterprise Access Management (formerly Imprivata OneSign). Connected documents confirm a vulnerability where insufficient handling of keyboard shortcuts allows bypassing the shared kiosk login screen and gaining unauthorized access to the underlying Windows syste...

7CVSS6.5AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/23 11:53 a.m.12 views

CVE-2024-12310 Bypass of Login Screen on Shared Kiosk Workstations

A vulnerability in Imprivata Enterprise Access Management formerly Imprivata OneSign allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...

7CVSS0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.5 views

Imprivata Enterprise Access Management 授权问题漏洞

Imprivata Enterprise Access Management is an identity and access management system from Imprivata Corporation, USA. An authorization issue vulnerability exists in Imprivata Enterprise Access Management versions 5.3 through 24.2, which stems from insufficient handling of keyboard shortcuts and cou...

7CVSS6.7AI score0.00174EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/06/18 3:41 p.m.20 views

New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINECLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.7 views

CVE-2024-40834

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings...

4.4CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.5 views

CVE-2024-40833

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...

6.2CVSS5.8AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.6 views

CVE-2024-40835

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the us...

5.5CVSS5.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:46 a.m.5 views

CVE-2024-27855

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user...

8.8CVSS7.1AI score0.00718EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:49 a.m.7 views

CVE-2023-32442

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app settings...

5.5CVSS5.7AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.5 views

CVE-2023-27963

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the use...

7.5CVSS6.2AI score0.00807EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:9 a.m.7 views

CVE-2023-21177

In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.3AI score0.00087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:13 a.m.10 views

CVE-2022-44561

The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction...

7.5CVSS7AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:15 p.m.7 views

CVE-2021-1831

The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files...

5.5CVSS5.8AI score0.0097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 p.m.10 views

CVE-2020-36408

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module...

5.4CVSS5.6AI score0.00473EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2025/05/21 12:0 a.m.21 views

The vulnerability of the macOS operating system’s Shortcuts component allows a hacker to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the macOS operating system’s Shortcuts component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary code by sending specially crafted...

10CVSS5.9AI score
Exploits0References1Affected Software1
Rows per page
Query Builder