32878 matches found
CVE-2026-9560
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel...
CVE-2026-9560
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel...
CVE-2026-9560
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel...
EUVD-2026-31941
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel...
CVE-2026-9560
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel...
CVE-2026-9560
Summary: CVE-2026-9560 affects OpenVPN Connect for macOS (versions 3.5.1–3.8.1). Affected component is the background service that can escalate privileges via a local IPC channel, allowing an attacker to execute arbitrary commands with elevated privileges. The CVSS metrics indicate a high-impact,...
CVE-2026-46430 Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...
CVE-2026-46430 Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...
CVE-2026-46430
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...
EUVD-2026-31869
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...
CVE-2026-46430
CVE-2026-46430 affects Algernon (SSE event server). Before 1.17.7, the SSE event server bound to 0.0.0.0:5553 by default on Linux/macOS due to host default logic, enabling LAN-wide access. The issue arises from platform-dependent default host handling (empty on non-Windows), resulting in an effec...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26 and earlier contained security vulnerabilities, which were caused by logical issues and could allow applications to access sensitive user data...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions prior to Apple macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26. These vulnerabilities stem from logical issues and could allow malicious applicatio...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Vulnerabilities exist in versions of Apple macOS such as Sequoia 15.7, Sonoma 14.8, and Tahoe 26. These vulnerabilities stem from permission issues, which may allow applications to modify the...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions prior to Apple macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26. These vulnerabilities stem from logical issues and could allow malicious applicatio...
PT-2026-43422
Name of the Vulnerable Software and Affected Versions macOS versions prior to Sequoia 15.7 macOS versions prior to Tahoe 26 Description A race condition exists that allows an application to gain root privileges, enabling unauthorized access to system resources. This issue has been exploited in...
PT-2026-43371
Name of the Vulnerable Software and Affected Versions OpenVPN Connect versions 3.5.1 through 3.8.1 Description A privilege escalation issue exists in the background service of OpenVPN Connect on macOS. This allows attackers to execute arbitrary commands with elevated privileges by utilizing a loc...
MAL-2026-4348 Malicious code in api-rs-node (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack
Hackers compromised FBI Chief Kash Patel’s clothing store in a ClickFix attack that tricked macOS users into installing infostealer malware...
Malicious code in clobprice.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...