12 matches found

OSV · added 2026/05/14 8:29 p.m. · 3 views

GHSA-7P5M-V798-F8VV Electerm Local code through electerm's single-instance socket

Impact: Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

CVSS 9.3 · AI score 6.2 · EPSS 0.00023 · Exploits 0 · References 2

EUVD · added 2026/05/01 12:0 a.m. · 3 views

EUVD-2026-26682

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

CVSS 7.8 · AI score 6 · EPSS 0.00024 · Exploits 0 · References 2

RedhatCVE · added 2026/03/31 10:11 p.m. · 2 views

CVE-2026-21711

A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication IP...

CVSS 5.3 · AI score 6.3 · EPSS 0.00004 · Exploits 0 · References 4

Snyk · added 2026/03/20 12:41 a.m. · 4 views

Missing Authentication for Critical Function

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper handling of authentication bootstrap errors during startup, which leaves browser-control routes accessible without...

CVSS 7.8 · AI score 5.9 · EPSS 0.00022 · Exploits 0 · References 2

RedhatCVE · added 2025/08/09 10:30 a.m. · 6 views

CVE-2025-8533

A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could...

CVSS 6.9 · AI score 6.6 · EPSS 0.00323 · Exploits 0 · References 1

CVE · added 2025/08/07 9:59 a.m. · 13 views

CVE-2025-8533

Summary: CVE-2025-8533 affects Fantastical’s XPC services where listener:shouldAcceptNewConnection did not enforce proper client authorization, allowing any local unprivileged process to access XPC methods. Impact: local access to XPC service methods without authorization. Status & fix: issue res...

CVSS 6.9 · AI score 6.3 · EPSS 0.00323 · Exploits 0 · References 2

Positive Technologies · added 2025/08/07 12:0 a.m. · 5 views

PT-2025-32260 · Flexibits · Fantastical

Name of the Vulnerable Software and Affected Versions: Fantastical versions prior to 4.0.16 Description: A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method,...

CVSS 6.9 · AI score 6.2 · EPSS 0.00323 · Exploits 0 · References 7

UbuntuCve · added 2023/10/30 3:15 a.m. · 21 views

CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...

CVSS 6.3 · AI score 6.9 · EPSS 0.00091 · Exploits 0 · References 1

OSV · added 2023/07/11 12:15 p.m. · 1 view

DEBIAN-CVE-2023-1672

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...

CVSS 5.3 · AI score 5.6 · EPSS 0.00022 · Exploits 1 · References 1

Vulnrichment · added 2023/06/09 12:0 a.m. · 7 views

CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

AI score 6.8 · EPSS 0.00076 · Exploits 1 · References 4

CNNVD · added 2021/01/11 12:0 a.m. · 3 views

Microsoft Skype Authorization Issues Vulnerability

Microsoft Skype is a communication application from Microsoft USA. The program provides video calls and voice calls to other devices over the Internet for computers and mobile devices such as cell phones. A security vulnerability exists in Microsoft Skype through 8.59.0.77 on macOS that allows...

CVSS 3.3 · AI score 5.8 · EPSS 0.00729 · Exploits 1 · References 2

CNVD · added 2019/12/17 12:0 a.m. · 1 view

Linux kernel input validation error vulnerability (CNVD-2020-00265)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An input validation error vulnerability exists in Linux kernel version 5.2.14 and earlier. The vulnerability arises from a networked system or product that does not...

CVSS 4.4 · AI score 7.5 · EPSS 0.00079 · Exploits 1 · References 1