Lucene search
K

13686 matches found

CVE
CVE
added yesterday8 views

CVE-2026-13998

Impact: Affected software is Google Chrome on macOS. The vulnerability stems from an incorrect security UI in the File Input component, enabling UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. Root cause: flawed security UI handling in Chrome/Chromium’s...

4.2CVSS5.8AI score
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago9 views

CVE-2026-43706

CVE-2026-43706 is a memory-management defect (double free) in libxslt affecting macOS Tahoe 26.5.2, iOS 26.5.2, and iPadOS 26.5.2. The root cause is a double-free in processing malicious web content, which may cause an unexpected process crash. Apple lists libxslt as the vulnerable component with...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2 days ago10 views

CVE-2026-43742

CVE-2026-43742 describes a use-after-free vulnerability tied to processing malicious web content, addressed by memory-management fixes in Safari 26.5.2, iOS 26.5.2 / iPadOS 26.5.2, and macOS Tahoe 26.5.2. Connected sources enumerate affected components including WebKit (and WebKit subareas like W...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References3Affected Software4
Talos
Talos
added 2026/06/23 12:0 a.m.11 views

Google Chrome AddGenericPassword infomation overwrite vulnerability

Summary An infomation overwrite vulnerability exists in the AddGenericPassword functionality of Chrome 148.0.7778.216 Mac arm64. A keychain write from a same-user process can overwrite Chrome’s encryption key, leading to disclosure of sensitive information. An attacker can make a specially crafte...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 10:38 p.m.9 views

Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Thunderbird

When saving or opening an email attachment on macOS, Thunderbird did not set the “com.apple.quarantine” attribute on the received file. If the received file was an application and the user attempted to open it, the application would be started immediately, without asking the user to confirm. This...

7.8CVSS6.7AI score0.00215EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4, as well as iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report...

8.8CVSS8.6AI score0.22951EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in WebKit2GTK

This issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. A maliciously crafted webpage may be able to obtain user fingerprints...

6.5CVSS7AI score0.00732EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in WebKit2GTK

A port redirection issue has been resolved with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as well as Safari 14.0.3. A malicious website may be able t...

6.5CVSS6.9AI score0.01771EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 6:58 p.m.25 views

CVE-2026-42890

CVE-2026-42890 affects the macOS desktop application Actual (version 25.x, Electron 39.2.7). The ELECTRON_RUN_AS_NODE fuse was not disabled, allowing a local attacker who can place a file on disk or influence command-line arguments to invoke Actual.app with ELECTRON_RUN_AS_NODE=1. This converts t...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:58 p.m.28 views

CVE-2026-42890 actual Allows Electron to Run As Node

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-49009

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.56 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 8:48 p.m.23 views

CVE-2026-12022

The vulnerability CVE-2026-12022 affects Google Chrome on macOS, where a race in Safe Browsing could allow a renderer‑process–hijacked attacker to escape the sandbox via a malicious file. The issue is tied to Chrome versions prior to 149.0.7827.115; evidence from ENISA/EUVD and Chrome security no...

8.3CVSS5.5AI score0.00166EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2025-46313

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.5CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:47 p.m.7 views

EUVD-2025-210115

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:47 p.m.7 views

EUVD-2025-210114

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox...

8.8CVSS5.4AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS5.4AI score0.00131EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-0271

A privilege escalation PE vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

8.5CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.9 views

CVE-2026-0267

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

6.9CVSS0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.7 views

CVE-2022-26758

A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4...

7.1CVSS0.00099EPSS
Exploits0References2
Rows per page
Query Builder