Lucene search
K

33047 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53698

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53718

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A kernel issue exists where an application may be able to leak sensitive kernel state. The problem is related to insufficient input...

5.5CVSS6AI score0.00147EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53723

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

8.8CVSS5.9AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53728

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

6.5CVSS5.9AI score0.0025EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53726

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may exfiltrate data cross-origin. This occurs due to insufficient checks within t...

8.1CVSS5.9AI score0.00163EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53720

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Improved input validation was implemented to address a flaw where a malicious website could process...

7.1CVSS6.1AI score0.00314EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

macOS 26.x < 26.5.2 Multiple Vulnerabilities (127595)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.5.2. It is, therefore, affected by multiple vulnerabilities: - A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe...

9.1CVSS6.9AI score0.00371EPSS
Exploits2References38
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53697

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...

6.5CVSS5.9AI score0.00194EPSS
Exploits0References9
Apple
Apple
added 2026/06/29 12:0 a.m.8 views

About the security content of macOS Tahoe 26.5.2

About the security content of macOS Tahoe 26.5.2 This update delivers security fixes that were first made available in the macOS Tahoe 26.6 beta. This document describes the security content of macOS Tahoe 26.5.2. About Apple security updates For our customers' protection, Apple doesn't disclose,...

9.1CVSS5.8AI score0.00371EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2026/06/26 8:44 p.m.3 views

GHSA-57F6-PVX8-HWJ6 turso-cli persists Turso platform JWT with world-readable (0o644) file permissions

Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...

5.5CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5436 Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave...

5.9AI score0.00048EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in WebKit2GTK

This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; and visionOS 26.3. A remote attacker may be able to cause a denial-of-service attack...

7.5CVSS7AI score0.00608EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 7:21 a.m.7 views

Malicious code in macos-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f342b002e02396d7f82ee89e77140204c35b673411afd05bc1b3ca91c895a06 On first require of the package, index.js decodes a base64-encoded URL https://api.ingress-hub.com/cdn/assets/update.pkg and downloads the response t...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/24 7:21 a.m.5 views

MAL-2026-6378 Malicious code in macos-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f342b002e02396d7f82ee89e77140204c35b673411afd05bc1b3ca91c895a06 On first require of the package, index.js decodes a base64-encoded URL https://api.ingress-hub.com/cdn/assets/update.pkg and downloads the response t...

5.9AI score
Exploits0References1
CVE
CVE
added 2026/06/23 11:54 p.m.32 views

CVE-2026-7574

Anthropic Claude Desktop Cowork VM images (v1.1348.0–v1.2278.0) do not validate the contents of rootfs.img at time-of-use; only file presence and a version marker are checked. A local, unprivileged macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boot...

8.7CVSS6.5AI score0.00103EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/23 7:53 p.m.10 views

EUVD-2026-38604

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-49401

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

8.4CVSS0.00144EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 5:22 p.m.42 views

CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

7.3CVSS0.00144EPSS
Exploits1References1
OSV
OSV
added 2026/06/23 5:22 p.m.4 views

CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

7.3CVSS6.1AI score0.00144EPSS
Exploits1References3
CVE
CVE
added 2026/06/23 12:13 p.m.25 views

CVE-2026-56315

CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...

9.8CVSS6.7AI score0.00757EPSS
Exploits0References2
Rows per page
Query Builder