48 matches found
CVE-2026-20633
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...
CVE-2026-20694
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...
EUVD-2026-15068
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...
CVE-2026-28216 hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...
CVE-2025-43475
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data...
CVE-2025-43390
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data...
EUVD-2020-16694
Malware in sbrugna...
EUVD-2011-4042
Malware in sbrugna...
EUVD-2019-17146
Malware in sbrugna...
EUVD-2019-11919
Malware in sbrugna...
EUVD-2019-6346
Malware in sbrugna...
EUVD-2021-21889
Malware in sbrugna...
EUVD-2025-13343
Malicious code in bioql PyPI...
EUVD-2022-15768
Malicious code in bioql PyPI...
EUVD-2024-36003
Malicious code in bioql PyPI...
EUVD-2025-14626
Malicious code in bioql PyPI...
EUVD-2022-52282
Malicious code in bioql PyPI...
CVE-2025-27455
CVE-2025-27455 is linked to a clickjacking vulnerability in Endress+Hauser MEAC300-FNADE4 web interface (end-user frame embedding allowed). Connected sources confirm the affected product and vulnerability class but do not provide a confirmed patch/version fix; one PT-SEC source notes no available...
CVE-2025-49192
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of...
PT-2025-24503 · WordPress · Backup/Staging By Wp Time Capsule
Name of the Vulnerable Software and Affected Versions: Backup and Staging by WP Time Capsule versions 1.22.23 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This means an...