Lucene search
K

33016 matches found

OSV
OSV
added 11 hours ago4 views

BIT-SETUPTOOLS-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.00269EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 13 hours ago4 views

Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
The Hacker News
The Hacker News
added yesterday10 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
NVD
NVD
added 5 days ago6 views

CVE-2026-0278

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-0275 Prisma Browser: Local Privilege Escalation on macOS

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS0.0011EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42688

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS5.9AI score0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56917

Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A local privilege escalation issue in Prisma Browser on macOS allows a locally authenticated administrator who has access to the local filesystem to execute actions on the device with...

5.4CVSS6.2AI score0.0011EPSS
Exploits0References4
NVD
NVD
added 6 days ago9 views

CVE-2026-59890

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits1References3
CVE
CVE
added 6 days ago13 views

CVE-2026-59890

Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...

6.1CVSS6AI score0.00269EPSS
Exploits1References3Affected Software1
OSV
OSV
added 6 days ago4 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.00269EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/06 8:25 p.m.8 views

EUVD-2026-25006

uucore: safetraversal TOCTOU protection only enabled on Linux...

3.6CVSS6AI score0.0018EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.5CVSS0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 7:41 p.m.5 views

EUVD-2026-41915

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 7:41 p.m.36 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:41 p.m.5 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score0.00221EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 7:41 p.m.18 views

CVE-2026-14898

The CVE affects the OpenAI Codex desktop app for macOS, where rendering remote images from Markdown in model responses can exfiltrate data. An indirect prompt injection in content (e.g., from connected tools or untrusted sources) could cause the model to construct a remote image URL containing se...

6.5CVSS6.1AI score0.00221EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/07/06 7:5 p.m.82 views

macOS PackageKit ZSH Environment Privilege Escalation

This module exploits CVE-2024-27822, a vulnerability in macOS PackageKit.framework where PKG installer scripts using a ZSH shebang !/bin/zsh are executed as root while inheriting the installing user's environment. This causes ZSH to load the user's /.zshenv with root privileges before the install...

7.8CVSS7.2AI score0.01312EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/07/06 8:13 a.m.11 views

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan RAT called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service MaaS model, costing anywhere between...

6.3AI score
Exploits0
EUVD
EUVD
added 2026/07/06 6:30 a.m.6 views

EUVD-2026-41815

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS5.7AI score0.01324EPSS
Exploits0References6
Rows per page
Query Builder