Lucene search
+L

166 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-28416

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-2570

Malicious code in bioql PyPI...

8.7CVSS6.5AI score0.00261EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/01 3:17 p.m.7 views

CVE-2025-7779

Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...

8.8CVSS7.3AI score0.00115EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 3:15 p.m.22 views

CVE-2025-7779

Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...

8.8CVSS0.00115EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/30 2:52 p.m.4 views

CVE-2025-7779

Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...

8.8CVSS7.3AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2025/09/30 2:52 p.m.22 views

CVE-2025-7779

CVE-2025-7779: Local privilege escalation due to insecure XPC service configuration. Affects Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, and Acronis True Image for Western Digital (macOS) before build 42197. Remediation: upgrade to bui...

8.8CVSS7.3AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/30 2:52 p.m.26 views

CVE-2025-7779

Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...

8.8CVSS0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/30 12:45 a.m.22 views

CVE-2025-11130

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit h...

8.6CVSS6.4AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.4 views

Acronis True Image 安全漏洞

Acronis True Image is a well-known data backup and restore software from the Swiss company Acronis. The software can be used to create drive and disk images and can restore the image when a clean system is needed. A security vulnerability exists in Acronis True Image, which stems from an insecure...

8.8CVSS8.4AI score0.00115EPSS
Exploits0References2
CVE
CVE
added 2025/09/16 10:3 a.m.22 views

CVE-2025-10016

The CVE-2025-10016 issue affects the Sparkle framework’s Autoupdate/Downloader.xpc mechanism. Reports in connected sources describe a local, unprivileged attacker who can exploit a race condition by connecting to the daemon as root to request installation of a crafted PKG, leading to local privil...

8.8CVSS6.5AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2025/09/16 10:3 a.m.8 views

CVE-2025-10016 Local Privilege Escalation in Sparkle Autoupdate Daemon

The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...

8.8CVSS5.9AI score0.00194EPSS
Exploits0References5
CVE
CVE
added 2025/09/16 10:3 a.m.21 views

CVE-2025-10015

The Sparkle framework’s Downloader.xpc XPC service can be registered globally by a local, unprivileged attacker, causing the service to inherit the app’s TCC permissions. The root cause is lack of validation of the connecting client, allowing copying of TCC-protected files to arbitrary locations;...

4.8CVSS6.1AI score0.00129EPSS
Exploits0References3
OSV
OSV
added 2025/09/16 10:3 a.m.12 views

CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...

4.8CVSS6AI score0.00129EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.7 views

PT-2025-37917

Name of the Vulnerable Software and Affected Versions: Sparkle framework versions prior to 2.7.2 Description: The Sparkle framework includes an XPC service, Downloader.xpc, which is, by default, private to the application it is bundled with. A local, unprivileged attacker can register this XPC...

4.8CVSS6.4AI score0.00129EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/07 9:59 a.m.13 views

CVE-2025-8533 Incorrect Authorization of XPC Service in Fantastical.app

A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could...

6.9CVSS0.00391EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/01 6:6 p.m.5 views

CVE-2025-54595 Pearcleaner's unauthenticated access to privileged XPC helper allows root command execution

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, th...

7.3CVSS6.7AI score0.00165EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.10 views

PT-2025-31677 · Unknown · Pearcleaner

Name of the Vulnerable Software and Affected Versions: Pearcleaner versions 4.4.0 through 4.5.1 Description: Pearcleaner is a macOS application cleaner. The PearcleanerHelper, a privileged helper tool bundled with the application, registers an XPC service...

7.3CVSS7.4AI score0.00165EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 12:1 p.m.8 views

CVE-2025-21606

stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...

8.7CVSS7.7AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:13 p.m.10 views

CVE-2020-15495

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration...

7.8CVSS6.9AI score0.00256EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:13 a.m.9 views

CVE-2018-7716

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...

10CVSS7.5AI score0.02376EPSS
Exploits0References1
Rows per page
Query Builder