CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

CVE-2025-64723

Summary: Arduino IDE for macOS prior to 2.3.7 had overly permissive security entitlements that could bypass the macOS Hardened Runtime protections, enabling an attacker to inject malicious dynamic libraries into the process and access all TCC permissions granted to the app. Impact (as stated): by...

PT-2025-52244

Name of the Vulnerable Software and Affected Versions Arduino IDE versions prior to 2.3.7 Description Arduino IDE for macOS, before version 2.3.7, had overly permissive security entitlements. This configuration bypassed macOS Hardened Runtime protections, allowing attackers to inject malicious...

EUVD-2025-25784

Malicious code in bioql PyPI...

PT-2025-36257

Name of the Vulnerable Software and Affected Versions: Nordic Semiconductor nRF52810 affected versions not specified Description: The On-Chip Debug and Test Interface in the nRF52810 has improper access control and insufficient protection against Electromagnetic Fault Injection EM-FI. This allows...

CVE-2025-8597

MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...

CVE-2025-8700

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

CVE-2025-8597 Privilege Escalation via get-task-allow entitlement in MacVim.app

MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...

CVE-2025-8597 Privilege Escalation via get-task-allow entitlement in MacVim.app

MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...

CVE-2025-8597

CVE-2025-8597 affects MacVim on macOS due to the presence of the entitlement com.apple.security.get-task-allow . This allows local unprivileged attackers (e.g., via a malicious application) to attach a debugger, read/modify the process memory, and inject code into the app’s context, even when sig...

New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History

A new security vulnerability has been discovered in the latest version of Apple's macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app. Discovered by application developer Jeff Johnson on February 8, the...