784 matches found

Vulnrichment
added 2025/08/26 12:22 p.m. · 2 views

CVE-2025-9190 TCC Bypass via misconfigured Node fuses in Cursor

The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permission...

CVSS 4.8 · AI score 7.8 · EPSS 0.00128
Exploits: 0 · References: 4
Vulnrichment
added 2025/08/26 12:22 p.m. · 1 view

CVE-2025-53813 TCC Bypass via misconfigured Node fuses in Nozbe

The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions...

CVSS 4.8 · AI score 7.9 · EPSS 0.00119
Exploits: 0 · References: 2
Cvelist
added 2025/08/26 12:22 p.m. · 7 views

CVE-2025-53813 TCC Bypass via misconfigured Node fuses in Nozbe

The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions...

CVSS 4.8 · EPSS 0.00119
Exploits: 0 · References: 2
CVE
added 2025/08/26 12:22 p.m. · 13 views

CVE-2025-53813

CVE-2025-53813 affects Nozbe on macOS due to a misconfiguration of the RunAsNode fuse, enabling a local unprivileged attacker to execute code that inherits Nozbe TCC permissions. Acquired resources are limited to user-granted permissions; other access requires a system prompt. The issue is fixed ...

CVSS 4.8 · AI score 7.4 · EPSS 0.00119
Exploits: 0 · References: 2
CVE
added 2025/08/26 12:22 p.m. · 12 views

CVE-2025-53811

CVE-2025-53811 describes a TCC-related bypass in Mosh-Pro on macOS caused by misconfigured RunAsNode fuses. A local, unprivileged attacker could execute arbitrary code that runs with Mosh-Pro’s TCC permissions, limited to permissions the user has already granted. Additional resource access beyond...

CVSS 4.8 · AI score 7.5 · EPSS 0.00119
Exploits: 0 · References: 2
Vulnrichment
added 2025/08/26 12:22 p.m. · 5 views

CVE-2025-53811 TCC Bypass via misconfigured Node fuses in Mosh-Pro

The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted...

CVSS 4.8 · AI score 8 · EPSS 0.00119
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34755 · Mosh Pro +1 · Mosh-Pro +1

Name of the Vulnerable Software and Affected Versions: Mosh-Pro version 1.3.2
Description: The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent...

CVSS 4.8 · AI score 6.7 · EPSS 0.00119
Exploits: 0 · References: 6
Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34758 · Unknown +1 · Invoice Ninja +1

Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.0.175
Description: Invoice Ninja on macOS is susceptible to a local privilege escalation issue. The presence of the “com.apple.security.get-task-allow” entitlement allows local attackers with unprivileged...

CVSS 4.8 · AI score 6.4 · EPSS 0.00127
Exploits: 0 · References: 6
Positive Technologies
added 2025/08/26 12:0 a.m. · 3 views

PT-2025-34756 · Nozbe · Nozbe

Name of the Vulnerable Software and Affected Versions: Nozbe versions prior to 2025.11
Description: The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency,...

CVSS 4.8 · AI score 7.9 · EPSS 0.00119
Exploits: 0 · References: 6
Akamai Blog
added 2025/08/25 9:0 p.m. · 3 views

Marginal Emissions Rates: See Carbon Emissions with Clarity in Real Time

Learn how Akamai is using marginal emissions rates to improve the transparency and accuracy of our emissions accounting...

AI score 7.3
Exploits: 0
Wordfence Blog
added 2025/08/22 4:3 p.m. · 9 views

Wordfence Bug Bounty Program Monthly Report – July 2025

Last month in July 2025, the Wordfence Bug Bounty Program received 325 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence...

AI score 9.4
Exploits: 0
Packet Storm News
added 2025/08/22 12:0 a.m. · 5 views

CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)

CISA is requesting public comment on its updated guidance on Software Bill of Materials (SBOM) to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...

AI score 7.1
Exploits: 0
Amazon
added 2025/08/18 12:0 a.m. · 6 views

Medium: gnutls

Issue Overview: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an...

CVSS 8.2 · AI score 6.6 · EPSS 0.01185
Exploits: 0
Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2025-1140)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1140 advisory. A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName...

CVSS 8.2 · AI score 6.3 · EPSS 0.01185
Exploits: 0 · References: 10
RedhatCVE
added 2025/08/17 5:25 p.m. · 16 views

CVE-2025-7961

Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0...

CVSS 6.9 · AI score 7.4 · EPSS 0.00186
Exploits: 0 · References: 1
NVD
added 2025/08/15 5:15 p.m. · 11 views

CVE-2025-7961

Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0...

CVSS 6.9 · EPSS 0.00186
Exploits: 0 · References: 4
Positive Technologies
added 2025/08/15 12:0 a.m. · 7 views

PT-2025-33497

Name of the Vulnerable Software and Affected Versions: Wulkano KAP version 3.6.0
Description: Improper Control of Generation of Code ('Code Injection') in Wulkano KAP on MacOS allows TCC Bypass.
Recommendations: At the moment, there is no information about a newer version that contains a fix for th...

CVSS 6.9 · AI score 6.1 · EPSS 0.00186
Exploits: 0 · References: 10
SUSE CVE
added 2025/08/12 11:35 p.m. · 4 views

SUSE CVE-2025-8672

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

CVSS 7.8 · AI score 6.9 · EPSS 0.003
Exploits: 0 · References: 3
vulnersOsv
added 2025/08/12 12:30 p.m. · 11 views

com.appmattus.certificatetransparency:certificatetransparency (>=0.3.0 <=1.1.1), com.appmattus.certificatetransparency:certificatetransparency-android (>=0.3.0 <=1.1.1) +27 more potentially affected by CVE-2025-8885 via org.bouncycastle:bctls-jdk15to18 (>=1.66 <=1.70)

org.bouncycastle:bctls-jdk15to18 MAVEN version =1.66, =0.3.0, =0.3.0, =2.0.0, =1.0.0, =1.0.0, =5.23.1, =3.8.1, =1.9.1, =1.0.0-LOCAL, =1.0.0, =2.15.1, =1.0.2, =1.8.1, =1.8.6 and more Source cves: CVE-2025-8885 Source advisory: OSV:GHSA-67MF-3CR5-8W23...

CVSS 6.3 · AI score 6.7 · EPSS 0.00505
Exploits: 0
OSV
added 2025/08/11 1:15 p.m. · 4 views

CVE-2025-8672

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

CVSS 7.8 · AI score 7.2
Exploits: 0 · References: 4