EUVD-2025-16379

Malicious code in bioql PyPI...

CVE-2025-4081

Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...

CVE-2025-4081

The CVE-2025-4081 entry concerns a TCC bypass in DaVinci Resolve for macOS caused by using the entitlement com.apple.security.cs.disable-library-validation and missing launch/library-load constraints, enabling local unprivileged attackers to substitute a legitimate dylib with a malicious one. The...

CVE-2025-4081 TCC Bypass via Dylib Substitution in DaVinci Resolve

Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassi...

CVE-2025-1413

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...

CVE-2025-1413

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...

CVE-2025-1413 Dylib Hijacking in DaVinci Resolve

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...

CVE-2025-1413

CVE-2025-1413 affects DaVinci Resolve on macOS prior to 19.1.3. The root cause is incorrect file permissions (rwxrwxrwx) for the application, which can enable Dylib hijacking and privilege escalation for guest accounts, other users, and applications. The vulnerability is local, with high impact t...

CVE-2025-1413 Dylib Hijacking in DaVinci Resolve

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...

Blackmagic Design DaVinci Resolve Code Execution Vulnerability

Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.A code execution vulnerability exists in Blackmagic Design DaVinci Resolve, which could be exploited by attackers to execute arbitrary code in...

Blackmagic Design DaVinci Resolve Buffer Overflow Vulnerability

Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.Blackmagic Design DaVinci Resolve 17.3.1.0005 is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute...

Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the DaVinci Resolve video editing software that could allow an adversary to execute code in the context of the application. DaVinci Resolve is a... This is only...