32960 matches found
CVE-2026-22179
OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...
CVE-2026-22179 OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run
OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...
CVE-2026-22179
Affected: OpenClaw macOS node-host system.run, versions prior to 2026.2.22. The root cause is improper parsing of command substitution tokens, which enables an allowlist bypass. Remote attackers could craft shell payloads using command substitution inside double-quoted text to execute non-allowl...
VulnCheck KEV: CVE-2025-31277
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption...
PT-2026-26067
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
DEBIAN-CVE-2026-20643
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...
PT-2026-25953
Apple WebKit and Safari versions prior to iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, macOS 26.3.2, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, and iOS 18.7.7 and iPadOS 18.7.7. A cross-origin vulnerability exists within the WebKit Navigation API. Processing maliciously crafted web conten...
Exploit for Race Condition in Canonical Ubuntu_Linux
Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands –...
[updated] Google patches two Chrome zero-days under active attack
Update March 16, 2026 Earlier this week, Google incorrectly reported that an actively exploited vulnerability in Chrome had been fixed, and has now announced it will roll out a new update to protect users against the vulnerability tracked as CVE-2026-3909. Original content: Google has released an...
CVE-2023-43010
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...
CVE-2023-43010
CVE-2023-43010 stems from a WebKit/Web content memory handling issue that could lead to memory corruption. Affected products include Apple WebKit/WebKit-based components in iOS, iPadOS, and macOS (e.g., Safari) with reported impact when processing malicious web content. The issue is mitigated by ...
Google Chrome < 146.0.7680.75 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.75. It is, therefore, affected by a vulnerability as referenced in the 202603stable-channel-update-for-desktop12 advisory. - Inappropriate implementation in V8. CVE-2026-3910 Note that Nessus has not tested for...
Security vulnerability in multiple Apple products
Apple Safari and several other products are made by the American company Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...
EUVD-2026-11249
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
CVE-2026-0230
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
PT-2026-24754
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...