CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

77 matches found

NVD•added 2026/06/10 12:16 p.m.•13 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS0.00131EPSS

Exploits0References2

NVD•added 2026/06/10 12:16 p.m.•14 views

CVE-2026-24066

8.4CVSS0.00122EPSS

Exploits0References2

Vulnrichment•added 2026/06/10 11:43 a.m.•7 views

CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation

5.4AI score0.00122EPSS

Exploits0References1

Cvelist•added 2026/06/10 11:43 a.m.•38 views

CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation

0.00122EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•12 views

PT-2026-48400

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

8.4CVSS5.2AI score0.00122EPSS

Exploits0References7

RedhatCVE•added 2026/06/05 7:10 p.m.•9 views

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

8.7CVSS5.5AI score0.00221EPSS

Exploits0References1

NVD•added 2026/05/05 4:16 a.m.•8 views

CVE-2026-35228

8.7CVSS0.00221EPSS

Exploits0References1

CVE•added 2026/05/05 3:24 a.m.•19 views

CVE-2026-35228

CVE-2026-35228 affects Oracle MCP Server Helper Tool (Oracle Open Source Projects) with vulnerable versions 1.0.1–1.0.156. An unauthenticated attacker can reach the server over HTTP and, according to the description, could cause the tool to execute malicious SQL. The Connected documents provide t...

8.7CVSS5.8AI score0.00221EPSS

Exploits0References1

ATTACKERKB•added 2026/05/05 3:24 a.m.•2 views

CVE-2026-35228

8.7CVSS5.8AI score0.00221EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/05 3:24 a.m.•2 views

CVE-2026-35228

8.7CVSS5.8AI score0.00221EPSS

Exploits0References1

CNNVD•added 2026/05/05 12:0 a.m.•10 views

Oracle MCP Server Helper Tool SQL注入漏洞

The Oracle MCP Server Helper Tool is a server assistance tool developed by Oracle Corporation. Versions 1.0.1 to 1.0.156 of the Oracle MCP Server Helper Tool contain SQL injection vulnerabilities. These vulnerabilities stem from issues with the helper tool component, allowing unauthenticated...

8.7CVSS6AI score0.00221EPSS

Exploits0References1

Positive Technologies•added 2026/05/05 12:0 a.m.•10 views

PT-2026-36964

Name of the Vulnerable Software and Affected Versions Oracle MCP Server Helper Tool versions 1.0.1 through 1.0.156 Description An unauthenticated attacker with network access via HTTP can compromise the Oracle MCP Server Helper Tool. This issue allows the execution of malicious SQL, a technique...

8.7CVSS6AI score0.00221EPSS

Exploits0References9

Packet Storm•added 2026/04/27 12:0 a.m.•89 views

📄 Vienna Assistant 1.2.542 macOS Privilege Escalation

A macOS helper service interface implemented via NSXPC was observed exposing methods that may allow privileged operations such as file writing and command execution through a remote proxy connection...

8.8CVSS5.7AI score0.00449EPSS

Exploits1

ATTACKERKB•added 2026/03/26 10:55 a.m.•1 views

CVE-2026-24068

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

8.8CVSS5.9AI score0.00449EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/26 10:55 a.m.•24 views

CVE-2026-24068 Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

0.00449EPSS

Exploits1References1

Positive Technologies•added 2026/03/26 12:0 a.m.•8 views

PT-2026-28337

Name of the Vulnerable Software and Affected Versions Vienna Assistant affected versions not specified Description The Vienna Assistant privileged helper utilizes NSXPC for Inter-Process Communication IPC. The implementation of the shouldAcceptNewConnection function, used by the NSXPC framework t...

8.8CVSS6AI score0.00449EPSS

Exploits1References4

GithubExploit•added 2026/01/27 2:27 a.m.•167 views

Exploit for CVE-2024-11467

CVE-2024-11467 The macOS operating system uses XPC services f...

7.8CVSS6AI score0.00178EPSS

Exploits1

RedhatCVE•added 2025/12/04 12:11 a.m.•12 views

CVE-2025-65843

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the /Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius...

7.7CVSS6.6AI score0.00238EPSS

Exploits1References1

Vulnrichment•added 2025/12/03 12:0 a.m.•2 views

CVE-2025-65843

6.2AI score0.00238EPSS

Exploits1References1

Cvelist•added 2025/12/03 12:0 a.m.•14 views

CVE-2025-65843

0.00238EPSS

Exploits1References1

Rows per page