CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-35919

Malicious code in bioql PyPI...

7.1CVSS6.8AI score0.00064EPSS

Exploits0References3

Positive Technologies•added 2025/07/02 12:0 a.m.•2 views

PT-2025-27661

Name of the Vulnerable Software and Affected Versions: Laundry version 2.3.0 Description: A Cross-Site Request Forgery CSRF issue allows for Account Takeover. This affects Linux and MacOS systems. Recommendations: For Laundry version 2.3.0, update to a version that includes a fix for this issue, ...

8.8CVSS6.5AI score0.00105EPSS

Exploits1References7

The Hacker News•added 2025/06/06 4:25 p.m.•48 views

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer AMOS on Apple macOS systems. The campaign, according to CloudSEK, has been found to...

7.3AI score

Exploits0

Vulnrichment•added 2025/05/27 10:9 a.m.•14 views

CVE-2025-4412 TCC Bypass via Dylib Loading in Viscosity.app

On macOS systems, by utilizing a Launch Agent and loading the viscosityopenvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC Transparency, Consent, and Control identity. The acquired resource access is limited without entitlements such as acces...

4.8CVSS6.7AI score0.00068EPSS

Exploits0References2

Positive Technologies•added 2025/05/27 12:0 a.m.•2 views

PT-2025-22984 · Viscosity · Viscosity

Name of the Vulnerable Software and Affected Versions: Viscosity versions prior to 1.11.5 Description: The issue allows loading a dynamic library with Viscosity's TCC identity on macOS systems by utilizing a Launch Agent and loading the viscosity openvpn process from the application bundle. The...

4.8CVSS6.3AI score0.00068EPSS

Exploits0References6

RedhatCVE•added 2025/05/23 10:41 a.m.•7 views

CVE-2024-10183

A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems...

5.2CVSS7.2AI score0.0006EPSS

RedhatCVE•added 2025/05/23 12:12 a.m.•4 views

CVE-2022-26746

This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences...

5.5CVSS6.1AI score0.00271EPSS

Tenable Nessus•added 2025/05/17 12:0 a.m.•7 views

Mozilla Firefox ESR < 128.10.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-37 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing...

9.8CVSS8.2AI score0.00994EPSS

Exploits1References3

MAL-2025-2547 Malicious code in github.com/shadowybulk/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 80a941bac0303482eb50ebe17fbfa05f22640a3932940be16100c6a1c0357a04 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2544 Malicious code in github.com/belatedplanet/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ae6bd303b29130f3970f2f526b9c704e4fa0905fa4b3e015542213f4aaf5f701 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

OSV•added 2025/03/19 11:58 p.m.•2 views

MAL-2025-2551 Malicious code in github.com/vainreboot/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security cd535431a1bde903495e71799081c385016d84659ac004c1c57c0d81e311ee59 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2550 Malicious code in github.com/utilizedsun/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

OSV•added 2025/03/19 11:58 p.m.•4 views

MAL-2025-2548 Malicious code in github.com/shallowmulti/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 25d0e55a48f82ab8ddd5e90d258c133505fa7fea03b775c1987e0dd7f9453f08 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2546 Malicious code in github.com/ornatedoctrin/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9edf608032bbc84563da5c04376d6add49123c8fdba94883c239857eb45afc40 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

OSV•added 2025/03/19 11:58 p.m.•3 views

MAL-2025-2549 Malicious code in github.com/thankfulmai/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3fb8eb4f90f5b6657c77cd4876445c068cc53ec74237d2ec559dd21c3c876fc4 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...