cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
EUVD-2023-46380
Malicious code in bioql PyPI...
CVE-2025-10016
The CVE-2025-10016 issue affects the Sparkle framework’s Autoupdate/Downloader.xpc mechanism. Reports in connected sources describe a local, unprivileged attacker who can exploit a race condition by connecting to the daemon as root to request installation of a crafted PKG, leading to local privil...
Malicious code in malicious-pkg-demo (npm)
Privilege escalation
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files...