
720 matches found

NVD
added yesterday, 5 views

CVE-2026-42890

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

CVSS 4.8, EPSS 0.00041
Exploits: 0, References: 2

Cvelist
added yesterday, 21 views

CVE-2026-42890 actual Allows Electron to Run As Node

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

CVSS 4.8, EPSS 0.00041
Exploits: 0, References: 2

EUVD
added yesterday, 5 views

EUVD-2026-36547

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

CVSS 4.8, AI score 5.6, EPSS 0.00041
Exploits: 0, References: 2

CVE
added yesterday, 16 views

CVE-2026-42890

CVE-2026-42890 affects the macOS desktop application Actual (version 25.x, Electron 39.2.7). The ELECTRON_RUN_AS_NODE fuse was not disabled, allowing a local attacker who can place a file on disk or influence command-line arguments to invoke Actual.app with ELECTRON_RUN_AS_NODE=1. This converts t...

CVSS 4.8, AI score 5.6, EPSS 0.00041
Exploits: 0, References: 2

Positive Technologies
added 5 days ago, 5 views

PT-2026-47558

Summary: An Electron run-as-node vulnerability was identified in the Actual macOS application, version 25.x (Electron 39.2.7). Vulnerability Type: Electron Run As Node. Description: ELECTRON_RUN_AS_NODE fuse enabled (Electron 39.2.7) — app can be converted to Node.js REPL for arbitrary code execution. Impact ...

CVSS 4.8, AI score 6
Exploits: 0, References: 3

Positive Technologies
added 5 days ago, 4 views

PT-2026-47599

Name of the Vulnerable Software and Affected Versions: Actual versions prior to 26.5.0. Description: In the macOS desktop application, the ELECTRON_RUN_AS_NODE fuse is not disabled. This allows an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app...

CVSS 4.8, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 5

RedhatCVE
added 2026/06/05 7:46 p.m., 5 views

CVE-2026-28954

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks...

CVSS 7.5, AI score 5.4, EPSS 0.00047
Exploits: 0, References: 1

GithubExploit
added 2026/05/27 1:51 a.m., 59 views

gatekeeper_wan_poc_server

This is the...

AI score 5.9
Exploits: 0

Wolfi
added 2026/05/22 7:48 p.m., 20 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: zarf, neuvector-scanner, eksctl, helm-push, docker-cli-buildx, skaffold, docker-compose, kargo, scorecard, wolfictl, helm-operator, ctop, teleport, chartmuseum, gogatekeeper, fuse-overlayfs-snapshotter, containerd, k9s, docker, trivy, opa-envoy, helm-set-status,...

AI score 5.1, EPSS 0.00019
Exploits: 1

Wolfi
added 2026/05/22 7:48 p.m., 21 views

GHSA-FQW6-GF59-QR4W vulnerabilities

Vulnerabilities for packages: zarf, neuvector-scanner, eksctl, helm-push, docker-cli-buildx, skaffold, docker-compose, kargo, scorecard, wolfictl, helm-operator, ctop, teleport, chartmuseum, gogatekeeper, fuse-overlayfs-snapshotter, containerd, k9s, docker, trivy, opa-envoy, helm-set-status,...

AI score 5.2
Exploits: 0

Chainguard
added 2026/05/22 7:17 p.m., 8 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: teleport, rancher-agent, google-osconfig-agent, steampipe, trivy, newrelic-infrastructure-agent, kargo, headlamp, kube-mgmt-fips, k8ssandra-client-fips, linkerd2-fips, cluster-api-helm-controller, kubevela, newrelic-infrastructure-agent-fips, osv-scanner,...

AI score 5.1, EPSS 0.00019
Exploits: 1

RedhatCVE
added 2026/05/13 8:23 p.m., 6 views

CVE-2026-28914

A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks...

CVSS 5.5, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

NCSC
added 2026/05/12 12:19 p.m., 8 views

vulnerabilities found in Apple MacOS

Apple has addressed several vulnerabilities in various versions of macOS including Sequoia, Sonoma, and Tahoe versions. These vulnerabilities involve memory management issues such as buffer overflows, use-after-free errors, out-of-bounds reads and writes, and integer overflows. These...

CVSS 8.8, AI score 6.8, EPSS 0.00228
Exploits: 2, References: 3

OSV
added 2026/05/12 8:38 a.m., 5 views

BIT-ARGO-WORKFLOWS-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVSS 6.5, AI score 5.7, EPSS 0.00059
Exploits: 1, References: 4

EUVD
added 2026/05/11 9:31 p.m., 7 views

EUVD-2026-29259

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks...

AI score 5.8, EPSS 0.00047
Exploits: 0, References: 5

EUVD
added 2026/05/11 9:31 p.m., 5 views

EUVD-2026-29236

A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks...

AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

NVD
added 2026/05/11 9:18 p.m., 4 views

CVE-2026-28954

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks...

CVSS 7.5, EPSS 0.00047
Exploits: 0, References: 4

NVD
added 2026/05/11 9:18 p.m., 6 views

CVE-2026-28914

A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks...

CVSS 5.5, EPSS 0.00019
Exploits: 0, References: 1

Cvelist
added 2026/05/11 8:7 p.m., 26 views

CVE-2026-28954

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks...

EPSS 0.00047
Exploits: 0, References: 4

CVE
added 2026/05/11 8:7 p.m., 11 views

CVE-2026-28954

CVE-2026-28954 describes a file-quarantine bypass where a malicious disk image could bypass Gatekeeper checks. Concrete details from connected advisories confirm affected Apple platforms and fixed versions: iOS 18.7.9 and iPadOS 18.7.9; macOS Sequoia 15.7.7; macOS Sonoma 14.8.7; macOS Tahoe 26.5....

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 4, Affected Software: 3