|
1181
|
8.4 |
HIGH
Local
|
-
|
-
|
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity …
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-40851
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
7.2 |
HIGH
Network
|
-
|
-
|
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it …
|
CWE-78
OS Command
|
CVE-2026-40852
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.
|
CWE-285
Improper Authorization
|
CVE-2025-43289
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1184
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2025-43290
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1185
|
7.8 |
HIGH
Local
|
-
|
-
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
|
CWE-269
Improper Privilege Management
|
CVE-2025-43306
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
|
CWE-284
Improper Access Control
|
CVE-2025-43451
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
5.5 |
MEDIUM
Local
|
-
|
-
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
|
CWE-125
Out-of-bounds Read
|
CVE-2025-46280
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
7.0 |
HIGH
Local
|
-
|
-
|
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.
|
CWE-362
Race Condition
|
CVE-2025-46284
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
|
CWE-284
Improper Access Control
|
CVE-2025-46307
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
7.1 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Woocommerce Envato Affiliates: from n…
|
CWE-862
Missing Authorization
|
CVE-2025-14361
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
