37 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-15523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main...
SUSE CVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2025-15523
The CVE-2025-15523 issue affects the MacOS version of Inkscape. A Python interpreter bundled with Inkscape inherits the app’s user-granted TCC permissions, enabling a local attacker to invoke the interpreter to run arbitrary commands or scripts and access files in privacy-protected folders withou...
PT-2026-3942
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
Inkscape security vulnerabilities
Inkscape is an open-source graphic editor. Versions of Inkscape prior to 1.4.3 have security vulnerabilities. This vulnerability stems from the Python interpreter bundled with Inkscape inheriting TCC permissions from the main application, which may allow local users to access files in...
CVE-2025-64723
Summary: Arduino IDE for macOS prior to 2.3.7 had overly permissive security entitlements that could bypass the macOS Hardened Runtime protections, enabling an attacker to inject malicious dynamic libraries into the process and access all TCC permissions granted to the app. Impact (as stated): by...
EUVD-2025-203922
Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...
CVE-2025-13326
Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...
CVE-2025-13326
CVE-2025-13326 affects Mattermost Desktop App on macOS versions prior to 6.0.0, failing to enable the Hardened Runtime in Mac App Store builds. This allows an attacker to inherit TCC permissions by copying the binary to a temporary folder. Affected component is the Mattermost Desktop App binary; ...
Mattermost Desktop App 安全漏洞
Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 6.0.0, which stems from the failure to enable the hardened runtime when packaging for the Mac App Store, and could result in inheriting TCC...
CVE-2025-12792
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC Transparency, Consent, and Control permissions assigned to Canva...
CVE-2025-12792
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC Transparency, Consent, and Control permissions assigned to Canva...
CVE-2025-12792
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC Transparency, Consent, and Control permissions assigned to Canva...
CVE-2025-12792
CVE-2025-12792 describes a vulnerability in the Mac App Store distribution of the Canva for Mac desktop app prior to 1.117.1. The issue stems from the app being built without Hardened Runtime, enabling a local threat actor with unprivileged access to execute arbitrary code that inherits the app’s...
EUVD-2023-44891
Malicious code in bioql PyPI...
EUVD-2025-16108
Malicious code in bioql PyPI...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Downloader.xpc service. A local unprivileged attacker can access and copy files protected by TCC permissions by registering the service globally and exploiting the lack of client validation. Workaround Th...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Downloader.xpc service. A local unprivileged attacker can access and copy files protected by TCC permissions by registering the service globally and exploiting the lack of client validation. Workaround Th...
CVE-2025-10015
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...