10 matches found
PT-2026-47613
Name of the Vulnerable Software and Affected Versions anyquery version 0.4.4 Description The chrome tabs plugin including Brave, Edge, and Safari variants allows for AppleScript and JXA code injection on macOS hosts. The issue occurs because a SQL-controlled url value is interpolated directly int...
EUVD-2026-18957
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS...
GHSA-5RQW-R77C-JP79 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
Impact On macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the...
EUVD-2025-19900
Malicious code in bioql PyPI...
CVE-2025-34089
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled i.e., the "Allow unknown devices" option is enabled, t...
CVE-2025-34089
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled i.e., the "Allow unknown devices" option is enabled, t...
CVE-2025-34089
Remote for Mac (Aexol Studio) is affected by an unauthenticated RCE in versions up to 2025.7 when authentication is disabled. The /api/executeScript endpoint is exposed without access control, allowing an unauthenticated attacker to inject AppleScript payloads via the X-Script header and trigger ...
CVE-2025-34089 Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled i.e., the "Allow unknown devices" option is enabled, t...
CVE-2025-34089 Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled i.e., the "Allow unknown devices" option is enabled, t...
PT-2025-27829
Name of the Vulnerable Software and Affected Versions Remote for Mac versions prior to 2025.7 Description An unauthenticated remote code execution issue exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio. When the application is configured with authentication...