29 matches found
CVE-2026-28910
This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files...
CVE-2026-28910
CVE-2026-28910 affects macOS Tahoe 26.4 security content where Archive Utility’s permissions checking was improved to fix an issue that could allow a malicious app to access arbitrary files. The available sources confirm the vulnerability and its patch, with the fix applied in macOS Tahoe 26.4. N...
CVE-2026-28864
This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items...
EUVD-2026-15141
This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items...
CVE-2026-28864
CVE-2026-28864 concerns a permissions-checking issue in Apple OS components that could allow a local attacker to access a user’s Keychain items. The CVE is addressed in iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, an...
CVE-2024-44210
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data...
EUVD-2025-8887
Malicious code in bioql PyPI...
EUVD-2025-2640
Malicious code in bioql PyPI...
CVE-2025-31184
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network...
CVE-2025-31184
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network...
CVE-2025-31184
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network...
CVE-2025-31184
CVE-2025-31184 affects Apple platforms: Safari 18.4, visionOS 2.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. Root cause: improved permissions checking that may allow an app to gain unauthorized access to the Local Network. Impact is high (CVE metrics: CVSS v3.1 base score 7.8, Confidentialit...
CVE-2024-44228
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data...
CVE-2024-44228
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data...
CVE-2024-44228
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data...
CVE-2024-27848
This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges...
CVE-2024-27848
CVE-2024-27848 affects Apple platforms (macOS, iOS, iPadOS). The issue corresponds to an elevation of privileges via improved permissions checking, enabling a malicious local app to gain root privileges. The vulnerability is fixed in macOS Sonoma 14.5 and iOS/iPadOS 17.5. Related Apple security c...
CVE-2023-40584
A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server...
Code injection
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
CVE-2022-2461 Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...