PT-2026-47796

1 Local Privilege Escalation via DYLIB Injection CVE-2026-24064 2 Local Privilege Escalation via Insecure XPC Client Validation CVE-2026-24065 Multiple Local Privilege Escalation Vulnerabilities in Waves Audio Waves Central https://t.co/fkys4ePhWy...

EUVD-2026-17484

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

EUVD-2026-5109

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses xpcconnectiongetpidarg2 as argument f...

CVE-2025-14979

AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6...

PT-2026-1436

Name of the Vulnerable Software and Affected Versions AirVPN Eddie version 2.24.6 Description The software contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. Recommendations Update to a newer version that contains a fix for this...

PT-2025-50950

Name of the Vulnerable Software and Affected Versions BuhoNTFS version 1.3.2 Description BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions. The issue stems from vulnerabilities within the XPC service, enabli...

PT-2025-40612

Name of the Vulnerable Software and Affected Versions MacForge version 1.2.0 Beta 1 Description The software contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. Recommendations At the moment, there is no information about a newer version th...

PT-2024-30811 · Jamf · Jamf Compliance Editor

Name of the Vulnerable Software and Affected Versions: Jamf Compliance Editor versions prior to 1.3.1 Description: The issue concerns a local privilege escalation in the XPC service within the audit functionality of Jamf Compliance Editor on macOS. Recommendations: For versions prior to 1.3.1,...

The vulnerability of the XPC service implementation in the Mac OS X operating system allows a perpetrator to bypass the authentication process.

The vulnerability of the XPC service implementation in the Mac OS X operating system is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass authentication procedures and gain administrator privileges...

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2018-13360)

Microsoft Windows Server 2012 R2, etc. are a series of operating systems released by Microsoft Corporation in the U.S. The Windows Kernel API is one of the kernel APIs application program interfaces. There is a vulnerability in the way the Windows Kernel API executes privileges in Microsoft...

Microsoft Windows Kernel Local Elevation of Privilege Vulnerability (CNVD-2018-13328)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems. A local elevation of privilege vulnerability exists i...

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2018-10982)

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. An elevation of privilege vulnerability exists in the way the Microsoft Windows Kernel API executes privileges. An attacker could use this vulnerability to emulate a...

The vulnerability of the com.privat.vpn.helper component of the software for accessing VPN services, PrivateVPN, allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the com.privat.vpnhelper component, which implements the XPC service for accessing the PrivateVPN service, is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with root privileges...

The vulnerability of the XPC interface implementation for accessing the CactusVPN VPN service allows a perpetrator to execute system commands with root privileges.

The vulnerability of the XPC interface implementation for accessing the CactusVPN VPN service is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute system commands with root privileges...

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2018-00516)

Microsoft Windows 7 SP1 and others are products of Microsoft Corporation in the United States. Microsoft Windows 7 SP1 is an operating system for personal computers; Windows Server 2008 SP2 is a server operating system. kernel is a kernel used in it. An elevation of privilege vulnerability exists...

Microsoft Windows Kernel API Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. The Kernel API is one of the kernel APIs. An elevation of privilege vulnerability exists in the Kernel API in Microsoft Windows. An attacker can exploit this vulnerability by impersonating a process...

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2016-07613)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. An elevation of privilege vulnerability exists in the Microsoft Windows kernel. When the kernel API executes privileges, an attacker can exploit the vulnerabili...

Apple MAC OS X Yosemite XPC Message Handling Type Obfuscation Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite Handling of coresymbolicationd Handling of XPC messages suffers from a type obfuscation vulnerability that allows an attacker to construct a malicious application and trick a user into parsing it,...