CVE-2026-24067 Slate Digital Connect macOS XPC PID validation privilege escalation

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

CVE-2026-49237 Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...

CVE-2025-4960

CVE-2025-4960 affects macOS via the EPSON printer driver installer’s com.epson.InstallNavi.helper, which exposes privileged functionality due to improper authorization handling and weak client authentication over XPC. The API flow uses overly permissive custom rights registered in /var/db/auth.db...

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLDINSERTLIBRARIES environment...

EUVD-2016-8505

Malware in sbrugna...

EUVD-2020-30634

Malware in sbrugna...

EUVD-2023-57765

Malicious code in bioql PyPI...

CVE-2025-53819 Nix's privilege dropping to build user broke for macOS

Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...

CVE-2025-53819 Nix's privilege dropping to build user broke for macOS

Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...

CVE-2023-46689

Improper neutralization in IntelR Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access...

Mozilla Thunderbird < 128.10

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory. - Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memo...

The vulnerability of the AppleMobileFileIntegrity component in macOS operating systems allows attackers to increase their privileges.

The vulnerability of the AppleMobileFileIntegrity component in macOS operating systems is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVE-2024-2451 Improper fingerprint validation in the TeamViewer Client

Improper fingerprint validation in the TeamViewer Client Full & Host prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...

CVE-2021-36666

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission...