165 matches found
CVE-2018-7715
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...
CVE-2018-10192
IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The com.ipvanish.osx.vpnhelper LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting xpcobjectt...
CVE-2025-1078
CVE-2025-1078 affects AppHouseKitchen AlDente Charge Limiter (macOS) up to version 1.29. The vulnerability lies in the XPC Service component, specifically the function shouldAcceptNewConnection in com.apphousekitchen.aldente-pro.helper, causing improper authorization and enabling a local-host att...
CVE-2025-1078 AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization
A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to...
CVE-2025-1078 AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization
A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to...
AppHouseKitchen AlDente 安全漏洞
AppHouseKitchen AlDente is a battery charging restriction software from AppHouseKitchen. A security vulnerability exists in AppHouseKitchen AlDente version 1.29 and earlier, which stems from improper authorization of the XPC service and allows localhost attacks...
PT-2025-5841 · Apphousekitchen · Apphousekitchen Aldente Charge Limiter
Name of the Vulnerable Software and Affected Versions: AppHouseKitchen AlDente Charge Limiter versions up to 1.29 Description: A critical issue has been found in AppHouseKitchen AlDente Charge Limiter, affecting the shouldAcceptNewConnection function of the com.apphousekitchen.aldente-pro.helper...
The vulnerability of the XPC service in MacOS operating systems allows attackers to execute arbitrary code and increase their privileges.
The vulnerability of the XPC service in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...
CVE-2025-21606
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...
CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...
CVE-2025-21606
CVE-2025-21606 affects the macOS Stats application. The vulnerable component is the Mach service eu.exelban.Stats.SMC.Helper, exposed via XPC. The root cause is shouldAcceptNewConnection unconditionally returning YES, allowing any XPC client to connect and invoke privileged methods on the HelperT...
CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...
CVE-2025-0396 exelban stats XPC Service shouldAcceptNewConnection command injection
A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading t...
CVE-2025-0396
CVE-2025-0396 affects exelban stats up to version 2.11.21. The vulnerability lies in the shouldAcceptNewConnection function of the XPC Service , enabling local command injection . Exploitation is described as local to the host. A patch is available: upgrade to 2.11.22 (or later) to address the is...
CVE-2025-0396 exelban stats XPC Service shouldAcceptNewConnection command injection
A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading t...
Stats 注入漏洞
Stats is a macOS system monitor in the menu bar by Serhiy Mytrovtsiy Personal Developer. An injection vulnerability exists in Stats versions prior to 2.11.21, which stems from the fact that the shouldAcceptNewConnection function of the component XPC Service causes command injection...
Adobe Downloader 安全漏洞
Adobe Downloader is a macOS Adobe application downloader and installer for X1a0He individual developers. A security vulnerability exists in Adobe Downloader version 1.3.1 and prior versions, which stems from the shouldAcceptNewConnection function of the XPC Service component contains a rights...
CVE-2024-4395
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...
CVE-2024-4395
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...
CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...