Mozilla Thunderbird < 140.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-61 advisory. - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,...

CVE-2025-14098 Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux...

CVE-2025-7010 Avast antivirus stack overflow when scanning a malformed PDF file

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, an...

PT-2026-49010

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25040308 AVG Antivirus versions prior to VPS 25040308 Norton Antivirus versions prior to VPS 25040308 Avast One versions prior to VPS 25040308 Avast Business Antivirus versions prior to VPS 25040308...

CVE-2026-11626 Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool

CleanWipe Removal Tool macOS, prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control...

SUSE CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

PT-2026-47512

Name of the Vulnerable Software and Affected Versions Google Chrome on macOS versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in Dawn allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the engine/flags.go process, which causes the SSE event server to bind to all network interfaces by default on Linux and macOS. An attacker can access sensitive event data by connecting to the...

PT-2026-42831

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The MLX inference backend uses the MLX-LM library, which imports and executes arbitrary Python files from model directories via the model file configuration field in the...

PT-2026-42830

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...

CVE-2026-8517

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

Mozilla Firefox < 150.0.3

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 150.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-45 advisory. - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3...

Mozilla Thunderbird < 140.10.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-39 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This...

Adobe InDesign < 20.5.3 / 21.0 < 21.3.0 Multiple Vulnerabilities (APSB26-32) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 20.5.3, 21.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-32 advisory. - Heap-based Buffer Overflow CWE-122 potentially leading to Arbitrary code execution CVE-2026-34627,...

EUVD-2026-9829

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...

CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

Google Chrome < 144.0.7559.59 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 144.0.7559.59. It is, therefore, affected by multiple vulnerabilities as referenced in the 202601stable-channel-update-for-desktop13 advisory. - Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a...

Mozilla Firefox < 8.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 8.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2011-51 advisory. - Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior...

Exploit for CVE-2025-9074

CVE-2025-9074: Docker Desktop Container Escape PoC !CVEhtt...

CVE-2025-8351 Avira antivirus engine heap buffer OOB read when scanning a malformed file

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...