33047 matches found
PT-2026-53698
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...
PT-2026-53718
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A kernel issue exists where an application may be able to leak sensitive kernel state. The problem is related to insufficient input...
PT-2026-53723
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
PT-2026-53728
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
PT-2026-53726
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may exfiltrate data cross-origin. This occurs due to insufficient checks within t...
PT-2026-53720
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Improved input validation was implemented to address a flaw where a malicious website could process...
macOS 26.x < 26.5.2 Multiple Vulnerabilities (127595)
The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.5.2. It is, therefore, affected by multiple vulnerabilities: - A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe...
PT-2026-53697
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...
About the security content of macOS Tahoe 26.5.2
About the security content of macOS Tahoe 26.5.2 This update delivers security fixes that were first made available in the macOS Tahoe 26.6 beta. This document describes the security content of macOS Tahoe 26.5.2. About Apple security updates For our customers' protection, Apple doesn't disclose,...
GHSA-57F6-PVX8-HWJ6 turso-cli persists Turso platform JWT with world-readable (0o644) file permissions
Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...
GO-2026-5436 Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave
Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin in github.com/julien040/anyquery/plugins/brave...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; and visionOS 26.3. A remote attacker may be able to cause a denial-of-service attack...
Malicious code in macos-ci-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f342b002e02396d7f82ee89e77140204c35b673411afd05bc1b3ca91c895a06 On first require of the package, index.js decodes a base64-encoded URL https://api.ingress-hub.com/cdn/assets/update.pkg and downloads the response t...
MAL-2026-6378 Malicious code in macos-ci-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f342b002e02396d7f82ee89e77140204c35b673411afd05bc1b3ca91c895a06 On first require of the package, index.js decodes a base64-encoded URL https://api.ingress-hub.com/cdn/assets/update.pkg and downloads the response t...
CVE-2026-7574
Anthropic Claude Desktop Cowork VM images (v1.1348.0–v1.2278.0) do not validate the contents of rootfs.img at time-of-use; only file presence and a version marker are checked. A local, unprivileged macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boot...
EUVD-2026-38604
Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...
CVE-2026-49401
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...
CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...
CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...
CVE-2026-56315
CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...