CVE-2026-40279

BACnet Stack (open-source C library for embedded systems) contains a defect in decode_signed32() in src/bacnet/bacint.c where reconstructing a 32-bit signed integer from four APDU bytes via signed left shifts can overflow signed int32_t when any byte has bit 7 set (>= 0x80). This undefined beh...

UBUNTU-CVE-2025-15523

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

CVE-2025-15523 TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

CVE-2025-15523

The CVE-2025-15523 issue affects the MacOS version of Inkscape. A Python interpreter bundled with Inkscape inherits the app’s user-granted TCC permissions, enabling a local attacker to invoke the interpreter to run arbitrary commands or scripts and access files in privacy-protected folders withou...