855 matches found
CVE-2026-33874
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-32016
OpenClaw on macOS versions prior to 2026.2.22 contains a path validation bypass in the exec-approval allowlist mode. This allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries, enabling same-name local binaries (e.g., ./echo) to run without approval...
Google Chrome < 146.0.7680.75 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.75. It is, therefore, affected by a vulnerability as referenced in the 202603stable-channel-update-for-desktop12 advisory. - Inappropriate implementation in V8. CVE-2026-3910 Note that Nessus has not tested for...
Palo Alto Networks Cortex XDR Broker VM 安全漏洞
Palo Alto Networks Cortex XDR Broker VM is a secure virtual machine developed by Palo Alto Networks. It integrates with Cortex XDR and can bridge networks with Cortex XDR. There is a security vulnerability in the Palo Alto Networks Cortex XDR agent. This vulnerability stems from issues with the...
Acronis Cyber Protect和Acronis Cyber Protect Cloud Agent 安全漏洞
Acronis Cyber Protect and Acronis Cyber Protect Cloud Agent are both products of Swiss company Acronis. Acronis Cyber Protect is an integrated network protection solution for businesses and enterprises. It combines features such as backup, anti-malware, network security, and endpoint management...
SUSE CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
CVE-2026-3102
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...
CVE-2026-2629
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.3 and earlier contained a security vulnerability caused by improper handling of temporary files, which could allow applications to access sensitive user data...
Adobe Lightroom Classic < 15.1.1 Arbitrary code execution (APSB26-06) (macOS)
The version of Adobe Lightroom Classic installed on the remote macOS host is prior to 15.1.1. It is, therefore, affected by a vulnerability as referenced in the APSB26-06 advisory. - Out-of-bounds Write CWE-787 potentially leading to Arbitrary code execution CVE-2026-21349 Note that Nessus has no...
CVE-2026-24070
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
Mozilla Firefox < 147.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-01 advisory. - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory...
CVE-2018-4285
A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6...
CVE-2018-4403
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1...
CVE-2018-4289
An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6...
CVE-2021-41388
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods...
CVE-2020-24559
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...
CVE-2023-25133
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote...
CVE-2022-27904
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use TOCTOU race-condition attack during the agent install process...
CVE-2019-16519
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks...