528 matches found
Google Pixel security vulnerability
Google Pixel is a smartphone from Google, an American company. Google Pixel has a security vulnerability that stems from improper validation of the aocservicereadmessage input in aocipccore.c, which could lead to local elevation of privilege...
tipc: Fix use-after-free in tipc_mon_reinit_self().
...
CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...
CVE-2025-55076
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system, which may allow a local user to execute arbitrary commands wi...
CVE-2025-66222
DeepChat is a smart assistant that uses artificial intelligence. In 0.5.0 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
Plugin Alliance Aquarius HelperTool security vulnerability
Plugin Alliance Aquarius HelperTool is an audio plugin helper tool from Plugin Alliance, Inc. A security vulnerability exists in Plugin Alliance Aquarius HelperTool version 1.0.003, which stems from the XPC service not validating the client's identity and flawed authorization logic, which could...
EUVD-2025-198806
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection. This issue affects iStats: 7.10.4...
CVE-2025-11921 iStat Menus 7.10.4 - Local Privilege Escalation
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection. This issue affects iStats: 7.10.4...
CVE-2025-11921
CVE-2025-11921 affects iStats (iStat Menus) 7.10.4, where an insecure XPC service allows local, unprivileged users to escalate to root via command injection. CVSS indicates local access with high impact on confidentiality, integrity, and availability. Public references identify a patch path; iSta...
Bjango iStats security vulnerability
Bjango iStats is a system monitoring tool from Bjango Australia. A security vulnerability exists in Bjango iStats version 7.10.4, which originates from an insecure XPC service and could lead to elevation of privilege...
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...
PT-2025-51006
Name of the Vulnerable Software and Affected Versions: macOS Sequoia versions prior to 15.7.2; macOS Sonoma versions prior to 14.8.2; macOS Tahoe versions prior to 26.1; tvOS versions prior to 26.1; visionOS versions prior to 26.1; iOS versions prior to 18.7.2; iPadOS versions prior to 18.7.2; watchOS...
FreeBSD : Firefox -- use-after-free in the GPU or browser process (291773e6-b5b2-11f0-8f61-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 291773e6-b5b2-11f0-8f61-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=1993113 reports: Starting with Firefox 142, it was possible...
CVE-2025-40084 ksmbd: transport_ipc: validate payload size before reading handle
In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle. handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...