32878 matches found
CVE-2025-43289
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data...
EUVD-2025-209941
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data...
CVE-2025-43289
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data...
CVE-2025-43290
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...
CVE-2025-43290
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...
CVE-2025-43290
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...
EUVD-2025-209940
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...
CVE-2025-43290
CVE-2025-43290 describes a local permissions issue in macOS that could allow an app to modify protected parts of the file system. It is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26. The available documents indicate the vulnerability is a permissions-related problem affecting...
EUVD-2025-209939
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges...
CVE-2025-46284
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges...
CVE-2025-43306
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges...
CVE-2025-43306
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges...
CVE-2025-43306
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges...
CVE-2025-46284
CVE-2025-46284 describes a race condition that was mitigated by additional input validation. Public documents identify macOS updates as fixed in Sequoia 15.7 and Tahoe 26, with the potential for an app to gain root privileges prior to the fix. The available sources do not provide exploit details ...
CVE-2025-46284
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges...
CVE-2025-46284
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges...
CVE-2025-43306
The CVE-2025-43306 entry describes a local privilege escalation due to a logic issue that was addressed by improved checks. It affects macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26, where a malicious app may gain root privileges. Affected component details are not specified in the pro...
CVE-2026-5843
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the modelfile configuration field in config.json. When a model's config.json specifies a modelfile pointing to a Python...
CVE-2026-5817
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the engine/flags.go process, which causes the SSE event server to bind to all network interfaces by default on Linux and macOS. An attacker can access sensitive event data by connecting to the...