32885 matches found
Apple macOS Denial of Service Vulnerability (CNVD-2026-17907)
Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS, which can be exploited by an attacker to cause an application to terminate unexpectedly...
Unspecified vulnerability in Apple macOS Sequoia (CNVD-2026-17904)
Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia has a security vulnerability that can be exploited by attackers to cause an application to break out of its sandbox...
Apple Security Update: macOS Tahoe 26.4.1
Apple recommends installing the security update macOS Tahoe 26.4.1 on devices running macOS Tahoe...
DEBIAN-CVE-2026-5868
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-5879
Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5868
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-39862
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...
CVE-2026-39862 Tophat has a Command Injection Vulnerability When Accessing a Maliciously Crafted Tophat Link
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...
CVE-2026-39862
Tophat, a mobile applications testing harness, is affected prior to version 2.5.1. A crafted tophat:// or localhost:29070 URL causes the arguments query parameter to flow unsanitized from URL parsing to /bin/bash -c, enabling remote code execution with the developer’s macOS user permissions. An...
EUVD-2026-20613
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...
PT-2026-31441
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...
Malicious code in @velora-dex/sdk (npm)
Malicious npm package executing base64-decoded shell command to download and run stage-2 payload from C2 server 89.36.224.5 targeting macOS --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311 The packa...
MAL-2026-2510 Malicious code in @velora-dex/sdk (npm)
Malicious npm package executing base64-decoded shell command to download and run stage-2 payload from C2 server 89.36.224.5 targeting macOS --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311 The packa...
VulnCheck KEV: CVE-2025-46289
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data...
VulnCheck KEV: CVE-2025-43532
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing malicious data may lead to unexpect...
VMware Fusion 13.x, 25H2 < 25H2u1 Improper Restriction of Communication Channel to Intended Endpoints (VMSA-2026-0002)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.x, 25H2 prior to 25H2u1. It is, therefore, affected by a vulnerability. - VMware Workstation and Fusion contain a logic flaw in the management of network packets. A malicious actor with administrative privileges on ...
Mozilla Firefox ESR < 115.34.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.34.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-26 advisory. - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox...
Mozilla Thunderbird < 149.0.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 149.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-28 advisory. - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed...
VulnCheck KEV: CVE-2025-43482
The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service...
CVE-2026-34779
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the...