60 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-49537

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 6.6 · EPSS 0.00156
Exploits: 0 · References: 1
Vulnrichment
added 2025/09/25 1:2 p.m. · 3 views

CVE-2025-10947 Sistemas Pleno Gestão de Locação CPF validarCpf authorization

A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pescpf can lead to authorization bypass. The attack can be...

CVSS 6.9 · AI score 5.6 · EPSS 0.00365
Exploits: 0 · References: 5
RedhatCVE
added 2025/06/13 12:11 a.m. · 9 views

CVE-2024-9062

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...

CVSS 7.8 · AI score 7.7 · EPSS 0.00125
Exploits: 0 · References: 1
NVD
added 2025/06/11 12:15 a.m. · 10 views

CVE-2024-9062

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...

CVSS 7.8 · EPSS 0.00125
Exploits: 0 · References: 2
CVE
added 2025/06/10 11:25 p.m. · 55 views

CVE-2024-9062

CVE-2024-9062 – macOS Archify local privilege escalation : The vulnerability affects the Archify privileged helper tool, com.oct4pie.archifyhelper, which runs as root and is exposed via XPC. The root cause is insufficient client validation by the helper, which does not verify code signatures, ent...

CVSS 7.8 · AI score 7.7 · EPSS 0.00125
Exploits: 0 · References: 2
Cvelist
added 2025/06/10 11:25 p.m. · 14 views

CVE-2024-9062 macOS Archify: Local Privilege Escalation

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...

CVSS 7.8 · EPSS 0.00125
Exploits: 0 · References: 2
Vulnrichment
added 2025/06/10 11:25 p.m. · 12 views

CVE-2024-9062 macOS Archify: Local Privilege Escalation

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...

CVSS 7.8 · AI score 7.5 · EPSS 0.00125
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/10 12:0 a.m. · 6 views

PT-2025-25173 · Archify · Archify

Name of the Vulnerable Software and Affected Versions: Archify affected versions not specified Description: The issue is related to insufficient client validation in the privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. This tool is responsible for privileged operations...

CVSS 7.8 · AI score 6.3 · EPSS 0.00125
Exploits: 0 · References: 8
RedhatCVE
added 2025/06/07 2:6 p.m. · 17 views

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...

CVSS 5 · AI score 5 · EPSS 0.00268
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 7:41 a.m. · 6 views

CVE-2024-55968

An issue was discovered in DTEX DEC-M DTEX Forwarder 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication IPC. Specifically, the...

CVSS 8.8 · AI score 7.1 · EPSS 0.00979
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 1:56 a.m. · 6 views

CVE-2023-24068

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into...

CVSS 7.8 · AI score 6.6 · EPSS 0.00372
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 5:49 p.m. · 9 views

CVE-2020-3974

VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...

CVSS 7.8 · AI score 7.5 · EPSS 0.00359
Exploits: 0
RedhatCVE
added 2025/05/22 5:0 p.m. · 8 views

CVE-2020-15892

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length...

CVSS 9.8 · AI score 7.2 · EPSS 0.01638
Exploits: 1
NVD
added 2025/01/28 10:15 p.m. · 11 views

CVE-2024-55968

An issue was discovered in DTEX DEC-M DTEX Forwarder 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication IPC. Specifically, the...

CVSS 8.8 · EPSS 0.00979
Exploits: 1 · References: 2
Tenable Nessus
added 2024/12/11 12:0 a.m. · 8 views

Mozilla Thunderbird < 128.5.2

The version of Thunderbird installed on the remote Windows host is prior to 128.5.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-69 advisory. - The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs...

CVSS 5.3 · AI score 8.2 · EPSS 0.00835
Exploits: 0 · References: 2
NVD
added 2024/11/25 6:15 p.m. · 15 views

CVE-2024-8272

The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication IPC. Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to...

CVSS 7.8 · EPSS 0.00156
Exploits: 0 · References: 1
Vulnrichment
added 2024/06/27 9:28 p.m. · 10 views

CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...

CVSS 7.3 · AI score 6.7 · EPSS 0.00211
Exploits: 0 · References: 4
RedHat Linux
added 2024/04/16 8:26 p.m. · 5 views

keycloak: secondary factor bypass in step-up authentication

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication...

CVSS 5 · AI score 5.8 · EPSS 0.00603
Exploits: 0 · References: 4
Tenable Nessus
added 2024/02/08 12:0 a.m. · 47 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2024-1140)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

CVSS 8.1 · AI score 7.6 · EPSS 0.99999
Exploits: 19 · References: 5
Tenable Nessus
added 2024/01/16 12:0 a.m. · 52 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-3299)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

CVSS 8.1 · AI score 7.6 · EPSS 0.99999
Exploits: 19 · References: 7