giovannipajeu1

10 exploits Active since Jan 2024
CVE-2023-50643 NOMISEC CRITICAL WRITEUP
Evernote for MacOS <10.68.2 - RCE
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.
8 stars
CVSS 9.8
CVE-2024-23739 NOMISEC CRITICAL WRITEUP
Discord for macOS <0.0.291 - RCE
An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
3 stars
CVSS 9.8
CVE-2024-23742 NOMISEC CRITICAL SUSPICIOUS
Loom < 0.196.1 - Code Injection
An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.
1 stars
CVSS 9.8
CVE-2024-23738 NOMISEC CRITICAL WRITEUP
Postman < 10.22 - Remote Code Execution
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."
1 stars
CVSS 9.8
CVE-2024-23743 NOMISEC LOW WRITEUP
Notion <3.1.0 - RCE
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."
1 stars
CVSS 3.3
CVE-2024-23740 NOMISEC CRITICAL SUSPICIOUS
Kap for macOS <3.6.0 - RCE
An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
CVSS 9.8
CVE-2024-23741 NOMISEC CRITICAL WRITEUP
Vercel Hyper < 3.4.1 - Code Injection
An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
CVSS 9.8
CVE-2024-23743 INTHEWILD LOW WRITEUP
Notion <3.1.0 - RCE
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."
CVSS 3.3
CVE-2023-50643 INTHEWILD CRITICAL WRITEUP
Evernote for MacOS <10.68.2 - RCE
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.
CVSS 9.8
CVE-2024-23738 INTHEWILD CRITICAL WRITEUP
Postman < 10.22 - Remote Code Execution
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."
CVSS 9.8