32885 matches found
CVE-2026-33448 Format string vulnerability in MacOS clients prior to 14.50
CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...
EUVD-2026-26416
CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...
PT-2026-36174
Name of the Vulnerable Software and Affected Versions Secure Access MacOS client versions prior to 14.50 Description An out of bounds read occurs when attackers controlling a modified server send a malformed packet to the client, resulting in a denial of service. Recommendations Update to version...
PT-2026-36170
Name of the Vulnerable Software and Affected Versions Secure Access client for MacOS versions prior to 14.50 Description A format string issue exists in the logging subsystem. Attackers controlling a modified server can force the client to dump small portions of memory into log files, which may...
Mozilla Thunderbird < 150.0.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 150.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-38 advisory. - Information disclosure due to incorrect boundary conditions in the Audio/Video component. This...
Wireshark 1.10.x < 1.10.2 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 1.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.10.2 advisory. - Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before...
Mozilla Thunderbird < 140.10.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-39 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This...
exploit-db-skill
Exploit-DB Skill Cross-Platform Small cross-platform helper...
Mozilla Firefox ESR < 140.10.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-36 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This...
Mozilla Firefox < 150.0.1
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 150.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-35 advisory. - Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence...
📄 Vienna Assistant 1.2.542 macOS Privilege Escalation
A macOS helper service interface implemented via NSXPC was observed exposing methods that may allow privileged operations such as file writing and command execution through a remote proxy connection...
[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44
LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...
EUVD-2026-25006
The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
GHSA-GGC5-46RG-MR4V uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
CVE-2026-35362
The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
CVE-2026-35362 uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module
The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
CVE-2026-35362
The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability stems from the safe-traversal protection mechanism, which is limited to Linux targets. As a result, directory traversal attacks may be...
CVE-2026-40599
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...