7 matches found
CVE-2025-14714
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. By executing the bundled interpreter directly, the attacker's scripts run with...
LibreOffice security vulnerability
LibreOffice is an open source office software suite from The Document Foundation. A security vulnerability exists in LibreOffice versions 25.2 up to and including 25.2.4, which stems from the application's bundled interpreter inheriting TCC permissions from the main application, potentially leadi...
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Impact: This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain readthedocs.org/readthedocs.com by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...
GHSA-77M7-9WVW-87FX Privilege Issues in jailed
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object...
CVE-2022-23923
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object...
CVE-2022-23923
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object...
Privilege Escalation
cordova-plugin-inappbrowser is vulnerable to privilege escalation. The vulnerability exists on Android, where arbitrary JavaScript can be run in the main application's website through the value of gap-iab://...