GHSA-G3HP-F6MG-559V Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection

Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...

CVE-2026-43433

A flaw was found in the Linux kernel's rustbinder component. If a local process gains the ability to write to its own virtual memory area VMA, it could exploit a time-of-check to time-of-use TOCTOU vulnerability. This allows the process to alter the offsets array during a transaction before it is...

OpenClaw 访问控制错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause a local process to capture a gateway authentication token...

CVE-2026-22812

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process or any website via permissive CORS to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216...

CVE-2026-22812 OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process or any website via permissive CORS to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216...

CVE-2020-24003

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access...

EUVD-2018-19727

Malware in sbrugna...

EUVD-2020-16740

Malware in sbrugna...

EUVD-2021-26929

Malware in sbrugna...

CVE-2025-8533

A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could...

CVE-2025-8533 Incorrect Authorization of XPC Service in Fantastical.app

A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could...

CVE-2020-11470

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access...

CVE-2020-28967

FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers...

CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...

CVE-2018-8044

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution local. The component is: K7Sentry.sys...

kernel: memory leak in ipv6_renew_options()

A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6ADDRFORM and IPV6DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6ADDRFORM type and other processe...

PT-2022-2506 · Cisco · Cisco Ftd

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the local malware analysis process could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the...

Null pointer dereference

A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash...

FlashGet Buffer Overflow Vulnerability

FlashGet is a free download manager from the Chinese company FlashGet. Used to create interactive customized graphs, display trends, alerts and schedules. A buffer overflow vulnerability exists in FlashGet v1.9.6, which is caused by a buffer overflow in the software's "current path directory"...

CVE-2020-28967

FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers...