<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 28 May 2026 03:13:14 +0000</lastBuildDate>
    <item>
      <title>56e62e40-1efb-4675-a246-0cf0e99be6a5</title>
      <link>https://db.gcve.eu/sighting/56e62e40-1efb-4675-a246-0cf0e99be6a5/export</link>
      <description>{"uuid": "56e62e40-1efb-4675-a246-0cf0e99be6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5963", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18928", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5963\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: The Postbox's configuration on macOS, specifically the presence of entitlements: \"com.apple.security.cs.allow-dyld-environment-variables\" and \"com.apple.security.cs.disable-library-validation\" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThe original company behind Postbox is no longer operational, the software will no longer receive updates. The acquiring company (em Client) did not cooperate in vulnerability disclosure.\n\ud83d\udccf Published: 2025-06-20T10:01:56.720Z\n\ud83d\udccf Modified: 2025-06-20T10:01:56.720Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/06/tcc-bypass/\n2. https://www.postbox-inc.com/", "creation_timestamp": "2025-06-20T10:44:17.000000Z"}</description>
      <content:encoded>{"uuid": "56e62e40-1efb-4675-a246-0cf0e99be6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5963", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18928", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5963\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: The Postbox's configuration on macOS, specifically the presence of entitlements: \"com.apple.security.cs.allow-dyld-environment-variables\" and \"com.apple.security.cs.disable-library-validation\" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThe original company behind Postbox is no longer operational, the software will no longer receive updates. The acquiring company (em Client) did not cooperate in vulnerability disclosure.\n\ud83d\udccf Published: 2025-06-20T10:01:56.720Z\n\ud83d\udccf Modified: 2025-06-20T10:01:56.720Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/06/tcc-bypass/\n2. https://www.postbox-inc.com/", "creation_timestamp": "2025-06-20T10:44:17.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/56e62e40-1efb-4675-a246-0cf0e99be6a5/export</guid>
      <pubDate>Fri, 20 Jun 2025 10:44:17 +0000</pubDate>
    </item>
  </channel>
</rss>
