24 matches found
CVE-2026-14898
The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...
CVE-2026-14898
The CVE affects the OpenAI Codex desktop app for macOS, where rendering remote images from Markdown in model responses can exfiltrate data. An indirect prompt injection in content (e.g., from connected tools or untrusted sources) could cause the model to construct a remote image URL containing se...
CVE-2024-41138
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject...
CVE-2019-12137
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note...
EUVD-2021-27023
Malware in sbrugna...
EUVD-2017-8960
Malware in sbrugna...
EUVD-2023-32662
Malicious code in bioql PyPI...
EUVD-2024-54673
Malicious code in bioql PyPI...
EUVD-2024-49970
Malicious code in bioql PyPI...
CVE-2025-10906
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can...
CVE-2025-4232
CVE-2025-4232 (Palo Alto Networks GlobalProtect on macOS) is an privilege-escalation flaw in the log collection feature caused by improper neutralization of wildcards. The issue affects GlobalProtect app versions on macOS prior to 6.2.8-h2 (and 6.3.x prior to 6.3.3 per Nessus plugin) and can allo...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
Sand Studio AirDroid Installed (macOS)
Binary data airdroidmacinstalled.nbin...
CVE-2025-2098 Dylib Hijacking in Fast CAD Reader
Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users...
CVE-2025-1413
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-21606
CVE-2025-21606 affects the macOS Stats application. The vulnerable component is the Mach service eu.exelban.Stats.SMC.Helper, exposed via XPC. The root cause is shouldAcceptNewConnection unconditionally returning YES, allowing any XPC client to connect and invoke privileged methods on the HelperT...
Adobe Bridge < 14.1.3 Multiple Vulnerabilities (APSB24-77)
The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 14.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-77 advisory. - Out-of-bounds Read CWE-125 potentially leading to Memory leak CVE-2024-45147 - NULL Pointer Dereference...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
Telegram Stack Overflow Vulnerability (CNVD-2021-38308)
Telegram is an instant messaging mobile application. A stack overflow vulnerability exists in the custom derived graysplitcubic function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can exploit this...