CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

CVE-2025-67813

CVE-2025-67813 affects Quest KACE Desktop Authority up to and including version 11.3.1. The vulnerability is insecure permissions on named pipes used for inter-process communication, exposing IPC to inappropriate access or manipulation. Impact is described in connected sources as insecure named p...

CVE-2020-7811

Samsung Update 3.0.2.0 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication...

CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

SUSE CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

UBUNTU-CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

CVE-2025-47319

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...

CVE-2025-68263 ksmbd: ipc: fix use-after-free in ipc_msg_send_request

In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipcmsgsendrequest ipcmsgsendrequest waits for a generic netlink reply using an ipcmsgtableentry on the stack. The generic netlink handler handlegenericevent/handleresponse fills entry-response...

CVE-2025-67744

DeepChat prior to 0.5.3 is affected by a Mermaid diagram rendering vulnerability that allows arbitrary JavaScript execution. The issue arises from the Electron IPC renderer being exposed to the DOM, enabling a Cross-Site Scripting (XSS) flaw that can escalate to Remote Code Execution (RCE) and al...

CVE-2025-36932

In tracepointmsghandler of cpm/google/lib/tracepoint/tracepointipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-202865

In aocservicereadmessage of aocipccore.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

PT-2025-50701

In aoc service read message of aoc ipc core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-66481

DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

Mozilla Thunderbird < 52.7

The version of Thunderbird installed on the remote Windows host is prior to 52.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-09 advisory. - Mozilla developers Jet Villegas and Randell Jesup reported memory safety bugs present in Firefox ESR 52.6 and...

ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot

...