136 matches found
CVE-2026-33054 Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion
Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard...
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
PT-2026-5345
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
EUVD-2025-206519
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-69604
CVE-2025-69604 affects Shirt Pocket’s SuperDuper! 3.11 and earlier. A local attacker can modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thereby bypassing macOS privacy controls. Affected component: the SuperDu...
CVE-2021-31727
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
EUVD-2025-206011
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-64699
CVE-2025-64699 affects SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, running with SYSTEM privileges, applies a Security Descriptor to a device object that has no explicitly configured DACL. This can allow an attacker to perform unauthorized raw disk operations, potential...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
PT-2025-54386
Name of the Vulnerable Software and Affected Versions SevenCs ORCA G2 version 2.0.1.35 EC2007 Kernel v5.22 Description An issue exists where a Security Descriptor with no explicitly configured DACL is applied to a device object by the regService process, which operates with SYSTEM privileges. Thi...
Exploit for Improper Access Control in Shirt-Pocket Superduper\!
CVE-2025-61229 Description From the developer's blog:...
CVE-2025-61229
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
EUVD-2025-200025
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-61229
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...