CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

81 matches found

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS6.2AI score0.00128EPSS

Exploits1References1

EUVD•added 2026/06/09 6:30 p.m.•7 views

EUVD-2026-35447

6.2AI score0.00128EPSS

Exploits1References2

NVD•added 2026/06/09 4:16 p.m.•9 views

CVE-2026-24064

7.8CVSS0.00128EPSS

Exploits1References1

CVE•added 2026/06/09 2:47 p.m.•13 views

CVE-2026-24064

Waves Central for macOS (versions 13.0.9–16.5.5) contains a local privilege escalation due to a trusted XPC client component signed with hardened runtime entitlements that allows dynamic library injection via DYLD_INSERT_LIBRARIES. An attacker can inject code into the trusted process at launch, w...

7.8CVSS6.2AI score0.00128EPSS

Exploits1References1

Cvelist•added 2026/06/09 2:47 p.m.•29 views

CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

0.00128EPSS

Exploits1References1

Vulnrichment•added 2026/06/09 2:47 p.m.•4 views

CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

6.2AI score0.00128EPSS

Exploits1References1

GithubExploit•added 2026/05/23 5:45 p.m.•81 views

COORG_EXECUTOR

🚀 COORG-EXECUTOR - Professional Roblox Script Executor for...

5.9AI score

Exploits0

Fedora•added 2026/04/25 1:54 a.m.•4 views

[SECURITY] Fedora 44 Update: gammaray-3.1.0-20.fc44

A tool to poke around in a Qt-application and also to manipulate the application to some extent. It uses various DLL injection techniques to hook into an application at run-time and provide access to a lot of interesting information. GammaRay can introspect Qt 6 and Qt 5 applications...

5.4AI score

Exploits0

RedhatCVE•added 2026/04/10 10:15 a.m.•1 views

CVE-2026-30479

A flaw was found in MapServer. This Dynamic-link Library DLL Injection vulnerability allows attackers to execute arbitrary code. The flaw can be exploited by providing a specially crafted executable, potentially leading to unauthorized control over the affected system...

9.1CVSS6AI score0.00316EPSS

Exploits0References2

EUVD•added 2026/04/09 6:31 p.m.•1 views

EUVD-2026-20960

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...

8.8CVSS5.9AI score0.00172EPSS

Exploits0References3

UbuntuCve•added 2026/04/09 5:16 p.m.•1 views

CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

9.1CVSS6.2AI score0.00316EPSS

Exploits0References3

NVD•added 2026/02/02 2:16 p.m.•9 views

CVE-2026-24070

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

8.8CVSS0.00213EPSS

Exploits1References2

Vulnrichment•added 2026/02/02 1:15 p.m.•5 views

CVE-2026-24070 Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access

5.8AI score0.00213EPSS

Exploits1References2

ATTACKERKB•added 2026/02/02 1:15 p.m.•5 views

CVE-2026-24070

8.8CVSS5.8AI score0.00213EPSS

Exploits1References3

CVE•added 2026/02/02 1:15 p.m.•8 views

CVE-2026-24070

CVE-2026-24070 describes a local privilege escalation in Native Instruments Native Access. The installer deploys a privileged helper (com.native-instruments.NativeAccess.Helper2) used via XPC to perform actions like copy-file, remove, or set-permissions. The XPC service restricts access to client...

8.8CVSS5.8AI score0.00213EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/02/02 12:0 a.m.•3 views

Native Instruments Native Access 安全漏洞

Native Instruments Native Access is a one-stop device management center provided by the German company Native Instruments. There is a security vulnerability in Native Instruments Native Access, which stems from the application having permission to allow DYLIB injection, potentially leading to...

8.8CVSS5.8AI score0.00213EPSS

Exploits1References2

NVD•added 2025/12/18 4:15 p.m.•7 views

CVE-2025-64723

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS0.00106EPSS

Exploits0References5

Cvelist•added 2025/12/18 3:15 p.m.•24 views

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

4.8CVSS0.00106EPSS

Exploits0References5

CVE•added 2025/12/18 3:15 p.m.•8 views

CVE-2025-64723

Summary: Arduino IDE for macOS prior to 2.3.7 had overly permissive security entitlements that could bypass the macOS Hardened Runtime protections, enabling an attacker to inject malicious dynamic libraries into the process and access all TCC permissions granted to the app. Impact (as stated): by...

4.8CVSS6.3AI score0.00106EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2025/12/18 3:15 p.m.•5 views

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

4.8CVSS6.3AI score0.00106EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by