60 matches found
EUVD-2024-49537
Malicious code in bioql PyPI...
CVE-2025-10947 Sistemas Pleno Gestão de Locação CPF validarCpf authorization
A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pescpf can lead to authorization bypass. The attack can be...
CVE-2024-9062
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...
CVE-2024-9062
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...
CVE-2024-9062
CVE-2024-9062 – macOS Archify local privilege escalation : The vulnerability affects the Archify privileged helper tool, com.oct4pie.archifyhelper, which runs as root and is exposed via XPC. The root cause is insufficient client validation by the helper, which does not verify code signatures, ent...
CVE-2024-9062 macOS Archify: Local Privilege Escalation
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...
CVE-2024-9062 macOS Archify: Local Privilege Escalation
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...
PT-2025-25173 · Archify · Archify
Name of the Vulnerable Software and Affected Versions: Archify affected versions not specified Description: The issue is related to insufficient client validation in the privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. This tool is responsible for privileged operations...
CVE-2025-0691
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...
CVE-2024-55968
An issue was discovered in DTEX DEC-M DTEX Forwarder 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication IPC. Specifically, the...
CVE-2023-24068
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into...
CVE-2020-3974
VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...
CVE-2020-15892
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length...
CVE-2024-55968
An issue was discovered in DTEX DEC-M DTEX Forwarder 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication IPC. Specifically, the...
Mozilla Thunderbird < 128.5.2
The version of Thunderbird installed on the remote Windows host is prior to 128.5.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-69 advisory. - The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs...
CVE-2024-8272
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication IPC. Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to...
CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...
keycloak: secondary factor bypass in step-up authentication
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2024-1140)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-3299)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...