EUVD-2023-30610

Malicious code in bioql PyPI...

EUVD-2024-52779

Malicious code in bioql PyPI...

CVE-2024-55950

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...

CVE-2024-55950

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...

CVE-2024-55950

Tabby (formerly Terminus) prior to version 1.0.216 is affected by a vulnerability caused by overly permissive entitlements that enable dangerous capabilities (camera, microphone, and access to personal folders) through Apple Events, plus entitlements that can permit code injection. The root cause...

CVE-2024-55950 Tabby has a TCC Bypass via Unnecessary Permissive Entitlements in Tabby

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...

CVE-2024-45599

CVE-2024-45599 affects Cursor prior to 0.41.0 on macOS. If a user has granted Cursor access to the camera or microphone, an attacker could leverage a DyLib Injection via the DYLD_INSERT_LIBRARIES environment variable to allow any running program on the machine to access those peripherals, bypassi...

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

CVE-2024-37885

CVE-2024-37885 concerns the Nextcloud Desktop Client for macOS. A code injection vulnerability allows loading arbitrary code when the client is launched with the environment variable DYLD_INSERT_LIBRARIES set, as reported for versions prior to 3.12.0. The issue stems from how the macOS client han...

CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

Code injection

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

CVE-2023-7224

The CVE-2023-7224 issue affects OpenVPN Connect on macOS, version 3.0–3.4.6. The vulnerability arises when a local user can cause execution of code in external third‑party libraries via the DYLD_INSERT_LIBRARIES environment variable, indicating a local code‑execution risk. Documents confirm the a...

CVE-2023-40299

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

CVE-2023-40299

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

Code injection

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...