CVE-2026-26422

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...

PT-2026-47167

Name of the Vulnerable Software and Affected Versions clash-verge-service-ipc versions prior to 2.3.0 Description The software contains a world-reachable IPC Inter-Process Communication endpoint, which is a mechanism that allows different processes to communicate. This configuration allows for...

CVE-2026-9560

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel...

PT-2026-43371

Name of the Vulnerable Software and Affected Versions OpenVPN Connect versions 3.5.1 through 3.8.1 Description A privilege escalation issue exists in the background service of OpenVPN Connect on macOS. This allows attackers to execute arbitrary commands with elevated privileges by utilizing a loc...

CVE-2026-34929

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: ipc: Fix for use-after-free in ipcmsgsendrequest The ipcmsgsendrequest function waits for a generic netlink reply using an ipcmsgtableentry on the stack. The generic netlink handler handlegenericevent/handleresponse fil...

Astra Linux - уязвимость в linux-5.10

A vulnerability was discovered in the net/tipc/crypto.c file within the Linux kernel before version 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit a lack of sufficient validation of the user-supplied sizes for the MSGCRYPTO message type...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Corrected the allocation size for bytes controls. The size of the data behind scontrol-ipccontroldata for bytes controls is as follows: 1 sizeofstruct sofipc4controldata + // kernel-only struct 2...

CVE-2026-42045 LobeHub: Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

MiracleLinux 9 : systemd-252-55.el9_7.9.ML.1 (AXSA:2026-609:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-609:06 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...

EUVD-2026-28788

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

CVE-2026-34354

CVE-2026-34354 affects Akamai Guardicore Platform Agent (GPA) on Linux/macOS and Akamai Zero Trust Client, versions 7.0–7.3.1 and 6.0–6.1.5 respectively. The vulnerability is TOCTOU-based local privilege escalation caused by the GPA service creating a world-writable IPC socket in /tmp and accepti...

mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

...

systemd security update

257-13.0.1.el101.3 - Fix detection of Oracle Virtualization or BM envs Orabug: 37531877 - Avoid udevadm warnings when using udev valid configs Orabug: 37503197 - allow dm remove ioctl to co-operate with UEK3 Orabug: 18467469 - set 'RemoveIPC=no' in logind.conf as default Orabug: 22224874 - Fix...

EUVD-2026-26516

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...

MiroFish 注入漏洞

MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish 0.1.2 and earlier have a vulnerability related to command injection, which stems from the SimulationIPCClient.sendcommand function in the...

CVE-2026-31662

A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC protocol. An attacker can exploit an integer underflow vulnerability by sending duplicate group acknowledgment messages GRPACKMSG. This causes the bcackers counter to wrap around, leading to persistent network...

CVE-2026-41477

Technical details about CVE-2026-41477 are not publicly available in the provided documents; no affected versions, root cause, or remediation details are disclosed here. Monitor for updates.

EUVD-2026-25623

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

PT-2026-35076

Name of the Vulnerable Software and Affected Versions Deskflow versions prior to 1.20.0 Deskflow versions prior to 1.26.0.134 Description The Deskflow daemon runs with SYSTEM privileges and exposes an Inter-Process Communication IPC named pipe with the WorldAccessOption enabled. This configuratio...