Lucene search
K

326 matches found

NVD
NVD
added 2026/02/02 2:16 p.m.10 views

CVE-2026-24070

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

8.8CVSS0.00213EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 1:15 p.m.6 views

CVE-2026-24070

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

8.8CVSS5.8AI score0.00213EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/02 1:15 p.m.5 views

CVE-2026-24070 Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

5.8AI score0.00213EPSS
Exploits1References2
CVE
CVE
added 2026/02/02 1:15 p.m.12 views

CVE-2026-24070

CVE-2026-24070 describes a local privilege escalation in Native Instruments Native Access. The installer deploys a privileged helper (com.native-instruments.NativeAccess.Helper2) used via XPC to perform actions like copy-file, remove, or set-permissions. The XPC service restricts access to client...

8.8CVSS5.8AI score0.00213EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.7 views

Native Instruments Native Access 安全漏洞

Native Instruments Native Access is a one-stop device management center provided by the German company Native Instruments. There is a security vulnerability in Native Instruments Native Access, which stems from the application having permission to allow DYLIB injection, potentially leading to...

8.8CVSS5.8AI score0.00213EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : gtk3-3.22.30-12.el8_10.ML.1 (AXSA:2024-8871:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8871:01 advisory. gtk3: gtk2: Library injection from CWD CVE-2024-6655 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7CVSS7.2AI score0.00464EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : gtk3-3.24.31-5.el9 (AXSA:2024-9213:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9213:03 advisory. gtk3: gtk2: Library injection from CWD CVE-2024-6655 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7CVSS6.7AI score0.00464EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.8 views

CVE-2023-31210

Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...

8.8CVSS7.2AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.9 views

CVE-2024-41138

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject...

9.8CVSS6.8AI score0.00881EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.9 views

CVE-2024-41165

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of th...

9.1CVSS6.9AI score0.00722EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/19 3:16 p.m.5 views

CVE-2025-64723

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS6.7AI score0.00106EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 4:15 p.m.10 views

CVE-2025-64723

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS0.00106EPSS
Exploits0References5
CVE
CVE
added 2025/12/18 3:15 p.m.9 views

CVE-2025-64723

Summary: Arduino IDE for macOS prior to 2.3.7 had overly permissive security entitlements that could bypass the macOS Hardened Runtime protections, enabling an attacker to inject malicious dynamic libraries into the process and access all TCC permissions granted to the app. Impact (as stated): by...

4.8CVSS6.3AI score0.00106EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/12/18 3:15 p.m.7 views

EUVD-2025-204309

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS6.2AI score0.00106EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/18 3:15 p.m.33 views

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS0.00106EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/18 3:15 p.m.5 views

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS6.3AI score0.00106EPSS
Exploits0References5
OSV
OSV
added 2025/12/18 3:15 p.m.8 views

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS6.6AI score0.00106EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52244

Name of the Vulnerable Software and Affected Versions Arduino IDE versions prior to 2.3.7 Description Arduino IDE for macOS, before version 2.3.7, had overly permissive security entitlements. This configuration bypassed macOS Hardened Runtime protections, allowing attackers to inject malicious...

4.8CVSS6.6AI score0.00106EPSS
Exploits0References7
EUVD
EUVD
added 2025/12/10 9:46 a.m.6 views

EUVD-2025-202416

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...

8.8CVSS7.4AI score0.0014EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/10 9:46 a.m.9 views

CVE-2025-7073 Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...

8.8CVSS6.4AI score0.0014EPSS
Exploits0References1
Rows per page
Query Builder