VYPR

Superduper

by Superduper Io

Source repositories

CVEs (4)

  • CVE-2026-31225HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function to dynamically evaluate user-supplied query operands without proper sanitization…

  • CVE-2025-61229Dec 1, 2025
    risk 0.00cvss epss 0.00

    An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

  • CVE-2025-61228Dec 1, 2025
    risk 0.00cvss epss 0.00

    An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism

  • CVE-2025-57489Dec 1, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.