241387 matches found
CVE-2025-24165
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination...
EUVD-2025-210113
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination...
CVE-2025-24165
CVE-2025-24165 describes a permissions issue in macOS that could allow an app to cause unexpected system termination. The vulnerability is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. No exploitation details are provided. Remediation: upgrade to the listed macOS ver...
CVE-2025-24284
Summary of CVE-2025-24284: A sandbox breakout vulnerability affecting macOS prior to Sequoia 15.4. The issue allows an application to break out of its sandbox, with the fixed version being macOS Sequoia 15.4. No exploit details are provided in the connected documents. Remediation is to upgrade to...
EUVD-2025-210112
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-46308
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...
CVE-2026-47162
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...
OS Command Injection
pheditor/pheditor is vulnerable to OS Command Injection. The vulnerability is due to improper sanitization of the user-controlled dir parameter, which allows an attacker to inject shell metacharacters and execute arbitrary operating system commands, bypassing command whitelist restrictions...
Malicious code in @johntaohunter/forge-jsx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bfdaadccdf8be83d7d73486bbaef607a373bb063881e36a37ef0c0846e701b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5674 Malicious code in @johntaohunter/forge-jsx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bfdaadccdf8be83d7d73486bbaef607a373bb063881e36a37ef0c0846e701b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ioredis-orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-10238
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode SMM...
EUVD-2026-36250
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-10847
A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitatio...
Malicious code in vqlxjmpr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bdcc295891f10380c7f487d7ea61c1bd17d7230a8feed4f12d04b8aa7bddcaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5672 Malicious code in vqlxjmpr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bdcc295891f10380c7f487d7ea61c1bd17d7230a8feed4f12d04b8aa7bddcaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @iobeya/spa-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @hatcha-captcha/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5655 Malicious code in @hatcha-captcha/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5663 Malicious code in @tenforce/toolbox-fontmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc43bc0434418226ca77115c791ff0ea0031a0d314e73acfe0a62686528ceaad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...