144 matches found
PT-2026-47795
Name of the Vulnerable Software and Affected Versions Waves Central for macOS versions 13.0.9 through 16.5.5 Description A trusted XPC client component is signed with hardened runtime entitlements that allow dynamic library injection. A local attacker can use the DYLD INSERT LIBRARIES environment...
PT-2026-47796
1 Local Privilege Escalation via DYLIB Injection CVE-2026-24064 2 Local Privilege Escalation via Insecure XPC Client Validation CVE-2026-24065 Multiple Local Privilege Escalation Vulnerabilities in Waves Audio Waves Central https://t.co/fkys4ePhWy...
Malicious code in pgrayy-wasmtime (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e The distribution is published as pgrayy-wasmtime but its toplevel.txt declares the top-level import name as wasmtime, and the entire Python source tr...
CVE-2026-24070
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
CVE-2026-24070
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
CVE-2026-24070 Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
EUVD-2026-5108
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
PT-2026-5657
Name of the Vulnerable Software and Affected Versions Native Instruments Native Access affected versions not specified Description The Native Access application installs a privileged helper, com.native-instruments.NativeAccess.Helper2, used for triggering functions via XPC communication, such as...
CVE-2023-49313
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data...
CVE-2019-20856
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection...
CVE-2025-65741
Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application...
CVE-2025-65741
Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application...
CVE-2025-65741
Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application...
CVE-2025-5469 Dylib Hijacking in Yandex Messenger
Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245...
CVE-2025-5469
CVE-2025-5469 is described as an Uncontrolled Search Path Element vulnerability in Yandex Messenger on macOS, enabling search order hijacking and affecting Telemost before version 2.245. Public sources in the connected set corroborate this for Telemost prior to 2.245 and identify the root cause a...
CVE-2025-5469 Dylib Hijacking in Yandex Messenger
Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245...
CVE-2025-5471 Dylib Hijacking in Yandex Telemost
Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1...
CVE-2025-5471
CVE-2025-5471 affects Yandex Telemost on macOS, before version 2.19.1. The root cause is an uncontrolled Search Path Element, enabling search-order hijacking (dylib hijacking). Impact per sources is high on confidentiality, integrity, and availability when a malicious library is loaded via a mani...
CVE-2025-5471 Dylib Hijacking in Yandex Telemost
Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1...
CVE-2025-5470 Dylib Hijacking in Yandex Disk
Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275...