CVE-2025-30431

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information...

CVE-2025-30431

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information...

CVE-2025-30431

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information...

CVE-2025-30431

CVE-2025-30431 affects macOS Sequoia before 15.4, macOS Sonoma before 14.7.5, and macOS Ventura before 13.7.5. The issue stems from insufficient checks that could allow a malicious application to access private information. The vulnerability is addressed with fixes in Sequoia 15.4, Sonoma 14.7.5,...

CVE-2026-28922

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information...

CVE-2026-28922

CVE-2026-28922 affects macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. Root cause: improved state management in CoreMedia. Impact: an app may be able to access private information. Remediation: patches included in the specified macOS updates (Sequoia 15.7.7, Sonoma 14.8.7, Tahoe ...

CVE-2026-28922

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information...

Authorization Bypass

CKAN is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization enforcement in datastoresearchsql, allowing attackers to bypass access controls and retrieve data from private resources as well as PostgreSQL system information...

CVE-2026-0047

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0047

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0047

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0047

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0047

In Android, CVE-2026-0047 relates to a missing permission check in ActivityManagerService.java’s dumpBitmapsProto, allowing an app to access private information and achieve local privilege escalation with no extra execution privileges or user interaction required. The description notes a local es...

PT-2026-22683

Name of the Vulnerable Software and Affected Versions ActivityManagerService affected versions not specified Description A flaw exists in the dumpBitmapsProto function within ActivityManagerService.java that may allow an application to access private information because of a missing permission...

CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

CVE-2026-20603

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information...

EulerOS 2.0 SP10 : glib2 (EulerOS-SA-2026-1027)

According to the versions of the glib2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to...

Researchers Warn of Data Exposure Risks in Claude Chrome Extension

Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers...

EulerOS 2.0 SP11 : glib2 (EulerOS-SA-2025-2480)

According to the versions of the glib2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to...

CVE-2025-13829

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY 1 year user Session RefreshToken 10 minutes user Session Password hashed with bcrypt User IP Email Full Na...