Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with
The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" al
The Postbox's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to att
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x p
The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified i
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local use
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application)
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consen
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the m
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime enti
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inher
A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened
During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication l
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to a
The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Cons
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality
The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consen
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local u
Page 1+ Next →