CVE-2026-22078

CVE-2026-22078 concerns O+ Connect where an unauthenticated IPC service allows a local attacker to escalate privileges via the IPC channel. The root cause is lack of client authentication on the IPC interface, enabling external applications to perform sensitive actions with elevated privileges. T...

CVE-2026-22078 O+ Connect's lack of authentication for IPC channels led to a local privilege escalation vulnerability.

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

CVE-2026-52993

A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC module. This vulnerability, a double-free, occurs when the tipcbufappend function incorrectly handles memory after a socket buffer skb reallocation. An attacker could potentially exploit this to cause system...

CVE-2026-53202 accel/ivpu: Fix signed integer truncation in IPC receive

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

CVE-2026-52930

A flaw was found in the Linux kernel's inter-process communication IPC shared memory shm component. A synchronization issue exists where orphaned shared memory segments might be incorrectly destroyed while still in use due to a lack of serialization between cleanup and attachment updates. This...

CVE-2026-52923

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

Astra Linux – Vulnerability in Linux, Linux 5.10

A stack overflow flaw was discovered in the Linux kernel’s TIPC protocol functionality. This flaw occurs when a user sends a packet containing malicious content, where the number of domain member nodes exceeds the allowed limit of 64. This flaw allows a remote user to crash the system or...

Astra Linux – Vulnerability in Firefox and Thunderbird

When creating a callback via IPC to display the File Picker window, multiple identical callbacks might be created at once. Eventually, all of them would be destroyed as soon as one of the callbacks is completed. This could lead to a use-after-free condition, resulting in a potentially exploitable...

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the module and resolve request types in the internal IPC server. An attacker can access sensitive files and secrets by connecting to the world-accessible abstract-namespace Unix socket and issuing craft...

systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with spurious data. In older versions v249 and earlier, this can lead to stack overwriting with attacker-controlled content,...

Falco 0.44.1

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...

CVE-2026-41981

Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-41982

Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-41981

Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...

Logseq 安全漏洞

Logseq is an open-source knowledge management and collaboration platform developed by Logseq. Version Logseq v0.10.15 contains a security vulnerability. This vulnerability stems from the Electron preloaded scripts, which expose an API method. This allows the rendering process to call IPC handlers...

Huawei HarmonyOS 资源管理错误漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a resource management vulnerability in HUAWEI HarmonyOS, which stems from a race condition in the IPC module and may...

PT-2026-47697

Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...

EUVD-2026-34977

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...

CVE-2026-42045

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

CVE-2026-34929

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to...