2026-02-25
2026-02-25 23:00Z
HIGH

Intego X9: Why your macOS antivirus should not trust PIDs

Quarkslab·blog.quarkslab.com

Quarkslab published a detailed reverse-engineering analysis of Intego X9 antivirus on macOS, demonstrating a PID-reuse race condition that bypasses XPC authentication checks. The vulnerability exploits the NTGCodeSigningVerifier class's reliance on process identifiers rather than audit tokens, allowing unprivileged code to impersonate trusted Intego processes and escalate privileges. The research includes static analysis via Ghidra, dynamic debugging with Frida, and proof-of-concept exploitation techniques.

SRFApplicationSRFOsTACTA0004TACTA0005VNDIntegoTYPResearchTYPWriteupTYPVulnerability
78
Edit Score
2026-02-25
2026-02-25 22:16Z
CRIT

CVE-2026-27148 — Storybook Storybook: Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27148

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Exploitation requires a developer to visit a malicious website while their local Storybook dev server is ru CVSSv3.1 9.6 (CRITICAL)

CWECWE 74CWECWE 79CWECWE 346VNDStorybookTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2026-02-25
2026-02-25 21:16Z
HIGH

CVE-2026-26965 — Freerdp Freerdp: A malicious RDP server can exploit this to perform a heap out-of-bounds write with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-26965

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without verifying that `(nYDst+nSrcHeight)` fits in the destination height or that `(nXDst+nSrcWidth)` fits in the destination stride. When `TempFormat != DstFormat`, `pDstData` becomes `planar->pTempData` (sized for the desktop), while `nYDst` is only CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDFreerdpTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-25
2026-02-25 21:16Z
HIGH

CVE-2026-26955 — Freerdp Freerdp: Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-26955

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle. The `gdi_SurfaceCommand_ClearCodec()` handler does not call `is_within_surface()` to validate the command rectangle against the destination surface dimensions, allowing a CVSSv3.1 8.8 (HIGH)

CWECWE 787CWECWE 805VNDFreerdpTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-25
2026-02-25 20:06Z
CRIT

Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))

watchTowr Labs disclosed three new pre-authentication vulnerabilities in SolarWinds Web Help Desk (CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) that chain together to achieve unauthenticated RCE on fully patched instances. The vulnerabilities exploit deserialization flaws in the legacy Java WebObjects framework and bypass existing security patches through encoding tricks and parser differential analysis. This represents the fourth major deserialization RCE chain in the product since 2024, with prior patches (CVE-2024-28986, CVE-2024-28988, CVE-2025-26399) all bypassed through similar mechanisms.

SRFApplicationTACTA0001TACTA0002SRFWebVNDSolarwindsTYPWriteupTYPExploitTYPVulnerability
92
Edit Score
2026-02-25
2026-02-25 17:25Z
CRIT

CVE-2026-27727 — Mchange Mchange_commons_java: mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously crafted `jaxax.naming.Reference` or serialized object, they can provoke the download and execution of malicious code. Implementations of this functi CVSSv3.1 9.8 (CRITICAL)

CWECWE 502CWECWE 74VNDMchangeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-25
2026-02-25 17:25Z
CRIT

CVE-2026-20127 — Cisco Catalyst_sd-wan_manager: A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-20127in the wild

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An CVSSv3.1 10.0 (CRITICAL) · EPSS 99th percentile

CWECWE 287VNDCiscoTYPVulnerabilitySTAitw exploited
10.0
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-02-25
2026-02-25 17:00Z
HIGH

Nemesis 2.2

SpecterOps·specterops.io

SpecterOps released Nemesis 2.2, a major update to their file enrichment and triage platform with significant new capabilities for processing large forensic containers (disk images), LLM-powered agents for automated triage and analysis, and comprehensive DPAPI decryption support for Chromium-based browsers. The release emphasizes both offensive and defensive use cases, with 10-30x performance improvements in text file processing and new functionality for extracting credentials, analyzing .NET assemblies, and handling modern browser encryption schemes including Chrome's v3 app-bound encryption.

SRFApplicationSRFOsTACTA0006TACTA0007VNDSpecteropsTYPResearchTYPToolSTGCred Access
82
Edit Score
2026-02-25
2026-02-25 13:16Z
CRIT

CVE-2026-2624 — Epati Antikor_next_generation_firewall: Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2624

Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass. This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile

CWECWE 306VNDEpatiTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2026-02-25
2026-02-25 12:00Z
INFO

mquire: Linux memory forensics without external dependencies

Trail of Bits·blog.trailofbits.com

Trail of Bits open-sourced mquire, a Linux memory forensics tool that eliminates the need for external debug symbols by extracting type information from BTF (BPF Type Format) and symbol addresses from Kallsyms directly within memory dumps. The tool provides SQL-based querying of kernel structures including processes, open files, memory mappings, and network connections, supporting kernel 4.18+ with BTF and 6.4+ with Kallsyms.

SRFOsTACTA0007OSLinuxTYPResearchTYPToolSTGDiscoverySTGCollection
78
Edit Score
2026-02-25
2026-02-25 03:16Z
HIGH

CVE-2026-27608 — Parseplatform Parse_dashboard: In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27608

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and can supply write permissions in the request body to perform wri CVSSv3.1 8.1 (HIGH) · EPSS 12th percentile

CWECWE 862VNDParseplatformVNDParseTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-02-25
2026-02-25 03:16Z
CRIT

CVE-2026-27606 — Rollupjs Rollup: Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host files CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDRollupjsVNDRollupTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 16:24Z
HIGH

CVE-2025-63409 — Gcomtw Gcom_epon_1ge_firmware: Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-63409

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials. CVSSv3.1 8.8 (HIGH) · EPSS 21th percentile

CWECWE 284VNDGcomtwTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2807 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2807

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2806 — Mozilla Firefox: Uninitialized memory in the Graphics: Text component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2806

Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.1 (CRITICAL)

CWECWE 908CWECWE 457VNDMozillaVNDUninitializedTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2805 — Mozilla Firefox: Invalid pointer in the DOM: Core & HTML component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2805

Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.8 (CRITICAL)

CWECWE 824VNDMozillaVNDInvalidTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2800 — Mozilla Firefox: Spoofing issue in the WebAuthn component in Firefox for Android.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.8 (CRITICAL)

CWECWE 290VNDMozillaVNDSpoofingTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2799 — Mozilla Firefox: Use-after-free in the DOM: Core & HTML component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2799

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
HIGH

CVE-2026-2798 — Mozilla Firefox: Use-after-free in the DOM: Core & HTML component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2798

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2797 — Mozilla Firefox: Use-after-free in the JavaScript: GC component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2797

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2796 — Mozilla Firefox: JIT miscompilation in the JavaScript: WebAssembly component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2796

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.8 (CRITICAL)

CWECWE 843VNDMozillaVNDJitTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2795 — Mozilla Firefox: Use-after-free in the JavaScript: GC component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2795

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2793 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2793

Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2792 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2792

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2791 — Mozilla Firefox: Mitigation bypass in the Networking: Cache component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2791

Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDMozillaVNDMitigationTYPVulnerability
9.8
CVSS v3.1
99
Edit Score