CVE-2026-49237 Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

PT-2026-42532

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv -prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that...

CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative...

CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...

CVE-2025-4960

CVE-2025-4960 affects macOS via the EPSON printer driver installer’s com.epson.InstallNavi.helper, which exposes privileged functionality due to improper authorization handling and weak client authentication over XPC. The API flow uses overly permissive custom rights registered in /var/db/auth.db...

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLDINSERTLIBRARIES environment...

EUVD-2020-30634

Malware in sbrugna...

EUVD-2016-8505

Malware in sbrugna...

EUVD-2023-57765

Malicious code in bioql PyPI...

CVE-2025-53819 Nix's privilege dropping to build user broke for macOS

Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...

CVE-2025-53819 Nix's privilege dropping to build user broke for macOS

Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...

CVE-2023-46689

Improper neutralization in IntelR Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access...

Mozilla Thunderbird < 128.10

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory. - Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memo...

CVE-2024-2451 Improper fingerprint validation in the TeamViewer Client

Improper fingerprint validation in the TeamViewer Client Full & Host prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...

CVE-2021-36666

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission...