Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Postbox's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows
The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" al
A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened
FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the Fro
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime enti
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An a
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileInteg
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system.
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to a
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
CVE-2025-30462
CRITICAL CVSS 9.8
Find Similar
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Apps that appear to use App Sandbox may be a
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of th
CVE-2025-34089
CRITICAL CVSS 9.3
Find Similar
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application
CVE-2025-24246
CRITICAL CVSS 9.8
Find Similar
An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.
The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified i
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipul
CVE-2024-41165
CRITICAL CVSS 9.1
Find Similar
A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application c
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions.
Page 1+ Next →