22 matches found
CVE-2024-41138
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject...
CVE-2019-12137
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note...
EUVD-2021-27023
Malware in sbrugna...
EUVD-2017-8960
Malware in sbrugna...
EUVD-2024-54673
Malicious code in bioql PyPI...
EUVD-2023-32662
Malicious code in bioql PyPI...
EUVD-2024-49970
Malicious code in bioql PyPI...
CVE-2025-10906
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can...
CVE-2025-4232
CVE-2025-4232 (Palo Alto Networks GlobalProtect on macOS) is a privilege-escalation flaw in the log collection feature caused by improper neutralization of wildcards. The issue affects GlobalProtect app versions on macOS prior to 6.2.8-h2 (and 6.3.x prior to 6.3.3 per Nessus plugin) and can allo...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
Sand Studio AirDroid Installed (macOS)
Binary data airdroidmacinstalled.nbin...
CVE-2025-2098 Dylib Hijacking in Fast CAD Reader
Fast CAD Reader application on macOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users...
CVE-2025-1413
DaVinci Resolve on macOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-21606
CVE-2025-21606 affects the macOS Stats application. The vulnerable component is the Mach service eu.exelban.Stats.SMC.Helper, exposed via XPC. The root cause is shouldAcceptNewConnection unconditionally returning YES, allowing any XPC client to connect and invoke privileged methods on the HelperT...
Adobe Bridge < 14.1.3 Multiple Vulnerabilities (APSB24-77)
The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 14.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-77 advisory. - Out-of-bounds Read CWE-125 potentially leading to Memory leak CVE-2024-45147 - NULL Pointer Dereference...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
Telegram Stack Overflow Vulnerability (CNVD-2021-38308)
Telegram is an instant messaging mobile application. A stack overflow vulnerability exists in the custom derived graysplitcubic function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can exploit this...
PT-2021-6626 · Adobe · Adobe Creative Cloud Desktop Application
Name of the Vulnerable Software and Affected Versions: Adobe Creative Cloud Desktop Application for macOS version 5.3 and earlier Description: The issue is related to insufficient input validation in the Adobe Creative Cloud Desktop Application, which could allow an attacker to escalate privilege...
Safari Type Confusion / Sandbox Escape Exploit
This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion CVE-2020-9850. The...