Mattermost Desktop < 6.0.0 (macOS) (MMSA-2025-00504)

The version of Mattermost Desktop installed on the remote host is prior to 6.0.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00504 advisory: - Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged fo...

PT-2025-48949

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLD INSERT LIBRARIES environment...

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLDINSERTLIBRARIES environment...

CVE-2025-12792

The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC Transparency, Consent, and Control permissions assigned to Canva...

CVE-2025-12792

CVE-2025-12792 describes a vulnerability in the Mac App Store distribution of the Canva for Mac desktop app prior to 1.117.1. The issue stems from the app being built without Hardened Runtime, enabling a local threat actor with unprivileged access to execute arbitrary code that inherits the app’s...

CVE-2024-11128

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection DYLD injection without being blocked by AppleMobileFileIntegrity AMFI. This issue is caused by the absence of Hardened Runtime or Library Validation signing...