803 matches found
CVE-2026-28889
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root...
CVE-2026-28889
The CVE-2026-28889 entry pertains to Xcode prior to version 26.4, where a permissions issue could allow an app to read arbitrary files as root. The root cause is described as insufficient/added restrictions around permissions in the affected components. Apple’s advisory (Xcode 26.4) fixes the iss...
Apple Xcode Security Vulnerability
Apple Xcode is an integrated development environment provided by the American company Apple for developers. It is primarily used for developing applications for Mac OS X and iOS. Versions of Apple Xcode prior to 26.4 contained security vulnerabilities, which were due to permission issues,...
PT-2026-27606
Name of the Vulnerable Software and Affected Versions: Xcode versions prior to 26.4. Description: An out-of-bounds read issue was identified and addressed through improved bounds checking. This flaw could allow an application to trigger unexpected system termination. Recommendations: Update to Xcode...
PT-2026-27605
Name of the Vulnerable Software and Affected Versions: Xcode versions prior to 26.4. Description: An issue involving insufficient permissions was corrected through added restrictions. An application could potentially read arbitrary files with root privileges. Recommendations: Update to Xcode version...
CVE-2026-2178
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
xcode-mcp-server vulnerable to Command Injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
GHSA-84FX-PWF3-7777 xcode-mcp-server vulnerable to Command Injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
Arbitrary Command Injection
Overview: xcode-mcp-server is an MCP server for Xcode integration, enabling AI assistants to interact with Xcode projects. Affected versions of this package are vulnerable to Arbitrary Command Injection via the registerXcodeTools function in the runlldb component when processing the args argumen...
EUVD-2026-5772
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
CVE-2026-2178 r-huijts xcode-mcp-server run_lldb index.ts registerXcodeTools command injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
CVE-2026-2178
A vulnerability CVE-2026-2178 affects the r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. It targets the run_lldb component, specifically the registerXcodeTools function in src/tools/xcode/index.ts, where manipulation of the args parameter enables command injection. The ...
PT-2026-7010
Name of the Vulnerable Software and Affected Versions: r-huijts xcode-mcp-server versions up to f3419f00117aa9949e326f78cc940166c88f18cb. Description: A command injection issue exists in the registerXcodeTools function within the src/tools/xcode/index.ts file of the run lldb component. Manipulation ...
Xcode MCP Server Command Injection Vulnerability
Xcode MCP Server is an Xcode-compatible context protocol server developed by R. Huijts. Xcode MCP Server has a command injection vulnerability, which stems from incorrect handling of the args parameter in the src/tools/xcode/index.ts file, potentially leading to command injection...
MAL-2026-643 Malicious code in @hemanshu_patil/xcode-windows-x64 (npm)
Source: amazon-inspector 044c927baff7d33a20876552aa27d1a0d5167313b6bc7775fb8b955ebf831e11 The package @hemanshupatil/xcode-windows-x64 was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @hemanshupatil/xcode is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...