Mas0Nshi

Researcher fromDBAppSecurity's WeBin lab
#12241of 53,633
22.4Total CVSS
Vulnerabilities · 3
High
3
PT-2026-39787
7.5
2026-05-11
Apple · Macos Sequoia · CVE-2026-28924
**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 **Description** A race condition exists due to improper handling of symbolic links, which are shortcuts that point to another file or directory. This flaw may allow an application to access Contacts without obtaining user consent. **Recommendations** Update macOS Sequoia to version 15.7.7. Update macOS Sonoma to version 14.8.7. Update macOS Tahoe to version 26.5.
PT-2025-41599
7.2
2025-10-10
Happy-Dom · Happy-Dom · CVE-2025-61927
**Name of the Vulnerable Software and Affected Versions** Happy DOM versions 19 and lower **Description** Happy DOM, a JavaScript implementation of a web browser without a graphical user interface, contains a security issue that could lead to Remote Code Execution (RCE) attacks. The Node.js VM Context within Happy DOM is not fully isolated. Running untrusted JavaScript code within this context may allow it to escape the VM and gain access to process-level functionality. The extent of control an attacker gains depends on whether the process uses ESM or CommonJS. With CommonJS, an attacker can potentially access the `require()` function to import modules. JavaScript evaluation is enabled by default in Happy DOM, which may pose a risk if untrusted code is executed within the environment. Approximately 2.7 million weekly downloads are impacted. **Recommendations** Upgrade to version 20.0.0 or later, which disables JavaScript evaluation by default.
PT-2025-18939
7.7
2025-05-03
Apple · Ios · CVE-2025-31207
**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.5 iPadOS versions prior to 18.5 **Description** A logic issue was identified and addressed through improved checks within the FrontBoard component. This issue allows an application to potentially enumerate a user's installed applications. Reports indicate that this issue has been exploited by some App Store applications to detect the presence of TrollStore on a device. **Recommendations** Update to iOS version 18.5 or later. Update to iPadOS version 18.5 or later.