CVE-2024-14032 Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

CVE-2024-14032

CVE-2024-14032 affects Twitch Studio (version 0.114.8 and earlier). The vulnerability is in the privileged helper tool, via an unprotected XPC service, allowing a local attacker to call installFromPath:toPath:withReply: to overwrite system files and privileged binaries. This can lead to arbitrary...

EUVD-2025-202391

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

CVE-2025-9056

CVE-2025-9056 describes an unprotected service in the AudioLink component that allows a local attacker to overwrite system files via unauthorized service invocation. The issue is documented across multiple feeds (NVD, Red Hat, EUVD, CIRCL, CNNVD, etc.) with consistent description. Affected compon...

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

PT-2025-50303

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

Millions of (very) private chats exposed by two AI companion apps

Cybernews discovered how two AI companion apps, Chattee Chat and GiMe Chat, exposed millions of intimate conversations from over 400,000 users. This is not the first time we have to write about AI "girlfriends" exposing their secrets—and it probably won't be the last. This latest incident is a...

EUVD-2018-13606

Malware in sbrugna...

EUVD-2022-27413

Malicious code in bioql PyPI...

The vulnerability of the CLI component of the FortiOS operating system for FortiGate network interfaces allows a hacker to disclose sensitive information.

The vulnerability of the CLI component of the FortiOS operating system and the FortiGate network interface devices is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

CVE-2022-30753

Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission...

The vulnerability of the /htdocs/web/getcfg.php file in the D-Link DIR-815 router’s microprogramming software allows a hacker to access confidential information.

The vulnerability of the /htdocs/web/getcfg.php file in the D-Link DIR-815 router microprogramming system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to disclose confidential information through a specially crafted GET request...

The vulnerability of the _asyncio._swap_current_task component in the Python interpreter allows a attacker to access confidential information.

The vulnerability of the asyncio.swapcurrenttask function in the Python interpreter is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...

The vulnerability of the Microsoft Exchange Server mail server, related to the lack of protection for service data, allows attackers to disclose protected information.

The vulnerability of Microsoft Exchange Server lies in the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...

PT-2024-8135 · Unknown · Harmony Industrial Pc Series

Name of the Vulnerable Software and Affected Versions: Harmony Industrial PC series affected versions not specified Description: The issue is related to the exposure of sensitive information to an unauthorized actor, which could cause exposure of credentials when an attacker has access to the...

The vulnerability of the Windows operating system’s network authentication protocol, NT LAN Manager (NTLM), allows attackers to perform spoofing attacks.

The vulnerability of the Windows operating system’s Network Authentication Protocol, NT LAN Manager NTLM, is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

The vulnerability of the Printing component in the macOS operating system allows a hacker to disclose sensitive information that should be protected.

The vulnerability of the Printing component in the macOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...

The vulnerability of the FileProvider component in the macOS operating system allows a hacker to disclose protected information.

The vulnerability of the FileProvider component in the macOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...