266 matches found
CVE-2025-65843
Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the /Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-65841
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...
CVE-2025-65841
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...
CVE-2025-65841
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...
CVE-2025-65843
Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the /Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius...
CVE-2025-65842
CVE-2025-65842 concerns the Aquarius HelperTool (1.0.003) on macOS. The Privileged XPC service accepts local connections without validating the client’s identity, and its authorization logic calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The exec...
Plugin Alliance Aquarius Desktop 安全漏洞
Plugin Alliance Aquarius Desktop is an audio plugin management software from Plugin Alliance, Inc. A security vulnerability exists in Plugin Alliance Aquarius Desktop version 3.0.069 that stems from the use of a weak obfuscation scheme to store user authentication credentials, which could lead to...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-65841
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...
Plugin Alliance Aquarius HelperTool 安全漏洞
Plugin Alliance Aquarius HelperTool is an audio plugin helper tool from Plugin Alliance, Inc. A security vulnerability exists in Plugin Alliance Aquarius HelperTool version 1.0.003, which stems from the XPC service not validating the client's identity and flawed authorization logic, which could...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-65841
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...
Plugin Alliance Aquarius Desktop 安全漏洞
Plugin Alliance Aquarius Desktop is an audio plugin management software from Plugin Alliance, Inc. A security vulnerability exists in Plugin Alliance Aquarius Desktop version 3.0.069, which stems from the Supported Data Archiving feature not properly handling symbolic links, which could lead to...
PT-2025-48966
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...
CVE-2025-65841
Summary of CVE-2025-65841 : Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in a local file at ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is “encrypted” via predictable byte-substitution that is trivially revers...
PT-2025-48950
Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the /Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius...
CVE-2025-65843
Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation. The product follows symbolic links placed in ~/Library/Logs/Aquarius and treats them as regular files. While building the support ZIP, a JUCE directory iterator configured t...
EUVD-2025-178070
Malicious code in lint-staged-gemini-aquarius-superagent npm...
Malicious code in aquarius-slidev-equinox-procyon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0b4b93c5880a11a602e472cc9f2c1f1a2fb41779b5d28d02295ae6d2c12554 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...