27960 matches found
EUVD-2025-210119
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data...
CVE-2025-43339
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data...
CVE-2025-43339
CVE-2025-43339 concerns an access issue in macOS Tahoe prior to 26.1 where a malicious app could access sensitive user data. The PT-2025-55367 entry corroborates this and states the vulnerability is mitigated by additional sandbox restrictions, with the fix available in macOS Tahoe 26.1. Affected...
CVE-2025-30459
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...
EUVD-2025-210112
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
EUVD-2025-210110
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...
CVE-2025-46308
CVE-2025-46308: An authorization issue related to state management could allow an app to leak sensitive user information. Affected: iOS prior to 18.4, iPadOS prior to 18.4, and macOS Sequoia prior to 15.4. Fixed in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. Mitigation: update to the fixed ver...
USN-8422-1: Mistral vulnerability
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it...
WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability
Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions 1.3.1...
PT-2026-48743
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A path traversal issue exists in the memory-core artifact loading process, where the workspace state affects how the local package root is resolved. This allows attackers with access to affected...
PT-2026-48674
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
Apple macOS 路径遍历漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a path traversal vulnerability. This vulnerability stemmed from parsing issues with directory path handling, which could allow...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability that stemmed from privacy concerns, potentially allowing applications to access sensitive user data...
UBUNTU-CVE-2026-48856
Sensitive Data Exposure vulnerability in Erlang OTP inets httpcrespo...
Apple多款产品 访问控制错误漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
CVE-2026-45594
Exposure of sensitive information to an unauthorized actor in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...
CVE-2026-42907
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42906
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
EUVD-2026-36058
Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...
EEF-CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets
Summary Sensitive Data Exposure vulnerability in Erlang OTP inets httpc\response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...