CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could...

6.9CVSS0.00323EPSS

Exploits0References2

Vulnrichment•added 2025/08/07 9:59 a.m.•7 views

CVE-2025-8533 Incorrect Authorization of XPC Service in Fantastical.app

6.9CVSS6.2AI score0.00323EPSS

Exploits0References2

CVE•added 2025/08/07 9:59 a.m.•12 views

CVE-2025-8533

Summary: CVE-2025-8533 affects Fantastical’s XPC services where listener:shouldAcceptNewConnection did not enforce proper client authorization, allowing any local unprivileged process to access XPC methods. Impact: local access to XPC service methods without authorization. Status & fix: issue res...

6.9CVSS6.3AI score0.00323EPSS

Exploits0References2

Positive Technologies•added 2025/08/07 12:0 a.m.•4 views

PT-2025-32260 · Flexibits · Fantastical

Name of the Vulnerable Software and Affected Versions: Fantastical versions prior to 4.0.16 Description: A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method,...

6.9CVSS6.2AI score0.00323EPSS

Exploits0References7

RedhatCVE•added 2025/05/22 11:50 p.m.•5 views

CVE-2022-22676

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission...

5.5CVSS6.3AI score0.00246EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:50 p.m.•5 views

CVE-2020-14977

An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execut...

9.3CVSS7.5AI score0.00802EPSS

Exploits1

ATTACKERKB•added 2022/05/26 6:15 p.m.•4 views

CVE-2022-22676

5.5CVSS6AI score0.00246EPSS

Exploits0References2

OSV•added 2022/05/26 6:15 p.m.•0 views

CVE-2022-22676

5.5CVSS6.1AI score

Exploits0References1

NVD•added 2022/05/26 6:15 p.m.•17 views

CVE-2022-22676

5.5CVSS0.00246EPSS

Exploits0References1

Prion•added 2022/05/26 6:15 p.m.•15 views

Input validation

4.3CVSS5.2AI score0.00246EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/05/26 5:45 p.m.•15 views

CVE-2022-22676

6.2AI score0.00246EPSS

Exploits0References1

CVE•added 2022/05/26 5:45 p.m.•160 views

CVE-2022-22676

CVE-2022-22676 describes an event handler validation issue in the XPC Services API. The vulnerability was addressed by removing the vulnerable service, and is fixed in macOS Monterey 12.2. The impact is that an application may be able to delete files for which it does not have permission. Remedia...

5.5CVSS5.2AI score0.00246EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2022/01/26 12:0 a.m.•1 views

PT-2022-15623 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.2 Description: An event handler validation issue in the XPC Services API was addressed by removing the service. This issue may allow an application to delete files for which it does not have permission...

5.5CVSS5.2AI score0.00246EPSS

Exploits0References5

NVD•added 2020/06/23 8:15 p.m.•16 views

CVE-2020-14977

9.3CVSS0.00802EPSS

Exploits1References3

Prion•added 2020/06/23 8:15 p.m.•14 views

Code injection

9.3CVSS8.1AI score0.00802EPSS

Exploits1References3Affected Software1

Cvelist•added 2020/06/23 7:2 p.m.•16 views

CVE-2020-14977