323 matches found
CVE-2026-24064
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...
EUVD-2026-35447
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...
CVE-2026-24064
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...
CVE-2026-24064
Waves Central for macOS (versions 13.0.9–16.5.5) contains a local privilege escalation due to a trusted XPC client component signed with hardened runtime entitlements that allows dynamic library injection via DYLD_INSERT_LIBRARIES. An attacker can inject code into the trusted process at launch, w...
CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...
CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...
COORG_EXECUTOR
🚀 COORG-EXECUTOR - Professional Roblox Script Executor for...
Astra Linux - уязвимость в gtk+3.0, gtk+2.0
A flaw was discovered in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...
[SECURITY] Fedora 44 Update: gammaray-3.1.0-20.fc44
A tool to poke around in a Qt-application and also to manipulate the application to some extent. It uses various DLL injection techniques to hook into an application at run-time and provide access to a lot of interesting information. GammaRay can introspect Qt 6 and Qt 5 applications...
uutils coreutils has an Untrusted Search Path
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
EUVD-2026-25014
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
CVE-2026-35366 uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
PT-2026-34502
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
CVE-2026-30479
A flaw was found in MapServer. This Dynamic-link Library DLL Injection vulnerability allows attackers to execute arbitrary code. The flaw can be exploited by providing a specially crafted executable, potentially leading to unauthorized control over the affected system...
EUVD-2026-20960
A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...
CVE-2026-30479
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...
PT-2026-31656
A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...
CVE-2026-30478
A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...
CVE-2026-24070
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...