12347 matches found
CVE-2025-46293
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...
CVE-2025-46315
CVE-2025-46315 describes a permissions issue in macOS Tahoe prior to update. An application may be able to access protected user data due to insufficient restrictions. Affected software is macOS Tahoe; the fix is implemented in macOS Tahoe 26.1. Practical impact is high (C:H/I:N/A:N per CVSS 3.1 ...
CVE-2025-46315
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...
EUVD-2025-210118
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...
CVE-2025-43278
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...
EUVD-2025-210111
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...
CVE-2025-43278
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...
CVE-2025-43278
CVE-2025-43278 affects macOS Sequoia prior to 15.4; the issue arises from improper handling of symlinks and is addressed in macOS Sequoia 15.4. The description notes that an app may be able to access protected user data due to this flaw. According to the connected sources, the vulnerability is mi...
Insufficiently Protected Credentials
Overview meta-ads-mcp is a Model Context Protocol MCP server for Meta Ads - Use Remote MCP at pipeboard.co for easiest setup Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the AuthInjectionMiddleware.dispatch process. An attacker can gain unauthorized...
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...
Exploit for CVE-2026-7665
CVE-2026-7665 — Unauthenticated Information Disclosure in Esse...
PT-2026-48684
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...
Apple macOS 访问控制错误漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.1 and earlier contained an access control vulnerability caused by permission issues, which could allow applications to access protected user data...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to improper handling of symbolic links, which could allow applications to access protected user data...
Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path
A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...
EUVD-2026-35916
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
PT-2026-48559
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...
ROS-20260610-73-0036
The vulnerability of the SDL3 RDP client for FreeRDP is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to compromise the accessibility of protected information...
PT-2026-52482
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficiently protected credentials stored within firmware or system files may allow an unauthenticated attacker to gain unauthorized access and expose sensitiv...
ROS-20260609-73-0001
The vulnerability of the IndexedDB component in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the exposure of information. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of protected informati...