33005 matches found
PT-2026-53724
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A path handling issue exists where processing maliciously crafted web content may disclose sensitive...
macOS 26.x < 26.5.2 Multiple Vulnerabilities (127595)
The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.5.2. It is, therefore, affected by multiple vulnerabilities: - A use-after-free issue was addressed with improved memory management. CVE-2026-28979, CVE-2026-39868, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676,...
PT-2026-53729
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A race condition, which occurs when the timing or sequence of events is not properly controlled, was identified. This issue allows an...
PT-2026-53721
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
PT-2026-53725
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue exists due to improper memory management. This occurs when a program continues...
PT-2026-53718
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A kernel issue exists where an application may be able to leak sensitive kernel state. The problem is related to insufficient input...
PT-2026-53723
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
PT-2026-53707
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A memory corruption issue exists within WebKit. Processing maliciously crafted web content can lead t...
PT-2026-53709
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
PT-2026-53700
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
PT-2026-53697
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...
PT-2026-53726
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may exfiltrate data cross-origin. This occurs due to insufficient checks within t...
Malicious code in ulid-xyz (npm)
ulid-xyz is a typosquat of the popular ulid library sortable unique IDs and is a cross-platform Remote Access Trojan delivered via a postinstall hook. The package.json postinstall superficially looks like an inline node -e guard that checks for the existence of a dist file, but it actually launch...
About the security content of macOS Tahoe 26.5.2
About the security content of macOS Tahoe 26.5.2 This update delivers security fixes that were first made available in the macOS Tahoe 26.6 beta. This document describes the security content of macOS Tahoe 26.5.2. About Apple security updates For our customers' protection, Apple doesn't disclose,...
GHSA-57F6-PVX8-HWJ6 turso-cli persists Turso platform JWT with world-readable (0o644) file permissions
Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...
GO-2026-5436 Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave
Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; and visionOS 26.3. A remote attacker may be able to cause a denial-of-service attack...
Malicious code in macos-ci-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f342b002e02396d7f82ee89e77140204c35b673411afd05bc1b3ca91c895a06 On first require of the package, index.js decodes a base64-encoded URL https://api.ingress-hub.com/cdn/assets/update.pkg and downloads the response t...
CVE-2026-7574
Anthropic Claude Desktop Cowork VM images (v1.1348.0–v1.2278.0) do not validate the contents of rootfs.img at time-of-use; only file presence and a version marker are checked. A local, unprivileged macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boot...
EUVD-2026-38604
Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...