Lucene search
K

110 matches found

CVE
CVE
added yesterday9 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41001

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS5.4AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.10 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS6.2AI score0.00151EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.10 views

CVE-2026-24065

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier PID to verify code-signing identity. Because process identifiers can be reuse...

8.1CVSS6.1AI score0.00323EPSS
Exploits1References1
NVD
NVD
added 2026/06/10 12:16 p.m.14 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS0.00131EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 p.m.14 views

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

8.4CVSS0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 11:49 a.m.15 views

EUVD-2026-36000

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS5.4AI score0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 11:49 a.m.7 views

CVE-2026-24067 Slate Digital Connect macOS XPC PID validation privilege escalation

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

5.4AI score0.00131EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 11:49 a.m.26 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The root cause is a PID-based client validation that is vulnerable to a time-of-check time-of-u...

8.4CVSS5.4AI score0.00131EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 11:49 a.m.41 views

CVE-2026-24067 Slate Digital Connect macOS XPC PID validation privilege escalation

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 11:43 a.m.39 views

CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 11:43 a.m.8 views

CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

5.4AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 11:43 a.m.9 views

EUVD-2026-36002

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

8.4CVSS5.4AI score0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 11:43 a.m.87 views

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS exposes a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that serves an XPC service (com.slatedigital.connect.privileged.helper.tool2). The root cause is that the helper validates connecting XPC clients by checking only the subject....

8.4CVSS5.4AI score0.00122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48400

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

8.4CVSS5.2AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48401

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

8.4CVSS5.1AI score0.00131EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 4:16 p.m.13 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS0.00151EPSS
Exploits1References1
CVE
CVE
added 2026/06/09 2:50 p.m.29 views

CVE-2026-24065

Waves Central for macOS (versions 13.0.9–16.5.5) contains a local privilege escalation in the privileged helper service. The helper validates connecting XPC clients by examining the client PID to verify code-signing identity. Since PIDs can be reused, an attacker can race between connection and v...

8.1CVSS6.1AI score0.00323EPSS
Exploits1References2
Rows per page
Query Builder