Lucene search

32960 matches found

OSV
added 2026/03/18 2:16 a.m. | 2 views

CVE-2026-22179

OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...

6.6 CVSS | 6.2 AI score
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/18 1:34 a.m. | 2 views

CVE-2026-22179

OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...

7.5 CVSS | 6.2 AI score | 0.0063 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2026/03/18 1:34 a.m. | 2 views

CVE-2026-22179 OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run

OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...

7.5 CVSS | 6.2 AI score | 0.0063 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/03/18 1:34 a.m. | 28 views

CVE-2026-22179 OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run

OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...

7.5 CVSS | 0.0063 EPSS
Exploits: 1 | References: 3
CVE
added 2026/03/18 1:34 a.m. | 10 views

CVE-2026-22179

OpenClaw affected: macOS node-host system.run, versions prior to 2026.2.22. The root cause is an improper parsing of command substitution tokens that enables an allowlist bypass. Remote attackers could craft shell payloads using command substitution inside double-quoted text to execute non-allowl...

7.5 CVSS | 6.2 AI score | 0.0063 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
VulnCheck KEV
added 2026/03/18 12:0 a.m. | 10 views

VulnCheck KEV: CVE-2025-31277

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption...

8.8 CVSS | 5.8 AI score | 0.01481 EPSS
In wild | Exploits: 2 | References: 4
Positive Technologies
added 2026/03/18 12:0 a.m. | 10 views

PT-2026-26067

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

8.2 CVSS | 5.9 AI score | 0.00127 EPSS
Exploits: 1 | References: 5
OSV
added 2026/03/17 11:16 p.m. | 5 views

DEBIAN-CVE-2026-20643

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...

5.4 CVSS | 5.8 AI score | 0.00354 EPSS
Exploits: 2 | References: 1
Positive Technologies
added 2026/03/17 12:0 a.m. | 5 views

PT-2026-25953

Apple WebKit and Safari versions prior to iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, macOS 26.3.2, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, and iOS 18.7.7 and iPadOS 18.7.7. A cross-origin vulnerability exists within the WebKit Navigation API. Processing maliciously crafted web conten...

9.4 CVSS | 6.1 AI score | 0.00354 EPSS
Exploits: 2 | References: 186
GithubExploit
added 2026/03/16 5:11 p.m. | 159 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...

9.3 CVSS | 5.8 AI score | 0.99945 EPSS
Exploits131
The Hacker News
added 2026/03/16 11:41 a.m. | 4 views

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands –...

6.3 AI score
Exploits: 0
Malwarebytes
added 2026/03/13 12:58 p.m. | 5 views

[updated] Google patches two Chrome zero-days under active attack

Update March 16, 2026 Earlier this week, Google incorrectly reported that an actively exploited vulnerability in Chrome had been fixed, and has now announced it will roll out a new update to protect users against the vulnerability tracked as CVE-2026-3909. Original content: Google has released an...

8.8 CVSS | 6.7 AI score | 0.02 EPSS
Exploits: 1
NVD
added 2026/03/12 1:15 a.m. | 7 views

CVE-2023-43010

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...

8.8 CVSS | 0.00885 EPSS
Exploits: 0 | References: 19
CVE
added 2026/03/12 12:52 a.m. | 47 views

CVE-2023-43010

CVE-2023-43010 stems from a WebKit/Web content memory handling issue that could lead to memory corruption. Affected products include Apple WebKit/WebKit-based components in iOS, iPadOS, and macOS (e.g., Safari) with reported impact when processing malicious web content. The issue is mitigated by ...

8.8 CVSS | 5.8 AI score | 0.00885 EPSS
Exploits: 0 | References: 19 | Affected Software: 4
Tenable Nessus
added 2026/03/12 12:0 a.m. | 4 views

Google Chrome < 146.0.7680.75 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.75. It is, therefore, affected by a vulnerability as referenced in the 202603stable-channel-update-for-desktop12 advisory. - Inappropriate implementation in V8. CVE-2026-3910 Note that Nessus has not tested for...

8.8 CVSS | 6.2 AI score | 0.02 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/03/12 12:0 a.m. | 6 views

Apple Multiple Products Security Vulnerability

Apple Safari, among others, are products of the American company Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad...

8.8 CVSS | 6.9 AI score | 0.00885 EPSS
Exploits: 0 | References: 5
Snyk
added 2026/03/11 9:11 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...

8.7 CVSS | 5.8 AI score | 0.02818 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/03/11 6:30 p.m. | 4 views

EUVD-2026-11249

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

6.7 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/11 6:2 p.m. | 3 views

CVE-2026-0230

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

6.7 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/11 12:0 a.m. | 6 views

PT-2026-24754

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

6.7 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits: 0 | References: 4