Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.3 and earlier contained a security vulnerability caused by an authorization issue, which could allow applications to access sensitive user data...

PT-2026-7672

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the use...

PT-2026-7767

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.3 Description A permissions issue existed where an application could potentially access protected user data. This was addressed through the implementation of additional restrictions. Recommendations Update to...

PT-2026-7792

Name of the Vulnerable Software and Affected Versions macOS versions prior to 26.3 Description An authorization issue existed due to improved state management. This allowed an application to potentially access sensitive user data. Recommendations Update to macOS version 26.3...

PT-2026-7778

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.3 Description An application may be capable of accessing sensitive user data due to insufficient data protection mechanisms. Recommendations Update to macOS Tahoe 26.3...

PT-2026-7766

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.3 and earlier contained a security vulnerability caused by permission issues, which could allow applications to access protected user data...

PT-2026-7760

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.3 Description A permissions issue existed where an application could potentially access protected user data. The issue was resolved by removing the vulnerable code. Recommendations Update to macOS Tahoe 26.3...

PT-2026-27579

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.3 iPadOS versions prior to 26.3 macOS versions prior to Tahoe 26.3 Description An issue existed where an application could potentially access protected user data due to insufficient permissions restrictions...

CLSA-2026-1770735752 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CLSA-2026-1770734875 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CLSA-2026-1770734305 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CLSA-2026-1770648617 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

CVE-2026-1868 Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...

EUVD-2026-5579

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

CVE-2026-2064 Portabilis i-Educar User Data meusdadod.php cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

CVE-2026-2064 Portabilis i-Educar User Data meusdadod.php cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

CVE-2026-2064

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

EUVD-2026-5595

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

CLSA-2026-1770395482 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: XMLExternalEntityParserCreate does not copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers - CVE-2026-24515...