PT-2026-2644

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 Description A use-after-free issue exists in the IPC component. This can potentially lead to undesirable behavior. Recommendations Update...

Security Vulnerabilities fixed in Firefox ESR 115.32 — Mozilla

CVE-2026-0877: Mitigation bypass in the DOM: Security component Reporter Mingi Jung 정민기입니다 Impact high References Bug 1999257 CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component Reporter Oskar L Impact high References Bug 2004602 CVE-2026-0880: Sandbox...

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

EUVD-2026-1927

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

CVE-2025-14979

AirVPN Eddie on macOS is affected by CVE-2025-14979 due to an insecure XPC service that allows local, unprivileged users to escalate privileges to root. Affected version: Eddie 2.24.6. Documented impact is local privilege escalation with high confidentiality/integrity/availability implications. R...

CVE-2023-54280 cifs: fix potential race when tree connecting ipc

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

CVE-2022-50748

In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in initmqueuefs commit db7cfc380900 "ipc: Free mqsysctls if ipc namespace creation failed" Here's a similar memory leak to the one fixed by the patch above. retiremqsysctls need to be called...

CVE-2022-50729

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix resource leak in ksmbdsessionrpcopen When ksmbdrpcopen fails then it must call ksmbdrpcidfree to undo the result of ksmbdipcidalloc...

PT-2025-53033

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the ksmbd session rpc open function within the kernel's ksmbd component. When ksmbd rpc open fails, it does not properly call ksmbd rpc id free to release...

CVE-2025-67744

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

CVE-2025-67744 Mermaid XSS vulnerability leads to Remote Code Execution

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

PT-2025-51356

Name of the Vulnerable Software and Affected Versions DeepChat versions prior to 0.5.3 Description DeepChat is an open-source artificial intelligence agent platform. A security issue exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. This Cross-Site...

CVE-2025-43510

CVE-2025-43510 describes a memory corruption issue caused by insufficient lock state checking that could enable a malicious application to cause unexpected changes in memory shared between processes. Affected Apple platforms include watchOS, iOS, iPadOS, macOS (Tahoe, Sonoma, Sequoia), visionOS, ...

EUVD-2025-203099

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2...

CVE-2025-13733

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2...

CVE-2025-13733 BuhoNTFS 1.3.2 - Local Privilege Escalation

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2...

CVE-2025-13733

BuhoNTFS (v1.3.2) is affected by CVE-2025-13733 due to an insecure XPC service that enables local, unprivileged users to escalate to root via insecure functions. This conclusion is supported by multiple connected sources (NVD, Red Hat, EUVD, CIRCL, CVE lists, and vulnerability feeds) all describi...

Dr.Buho BuhoNTFS 安全漏洞

Dr.Buho BuhoNTFS is an NTFS driver from the Chinese company Dr.Buho. A security vulnerability exists in Dr.Buho BuhoNTFS version 1.3.2, which originates from an insecure XPC service and could result in local user privileges being elevated to root...

CVE-2025-36932

In tracepointmsghandler of cpm/google/lib/tracepoint/tracepointipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel has a security vulnerability that stems from improper validation of the aocservicereadmessage input in aocipccore.c, which could lead to local elevation of privilege...