CVE-2025-55076

The CVE-2025-55076 entry describes a local privilege escalation in Plugin Alliance Installation Manager v1.4.0 for macOS, via the InstallationHelper service that accepts unauthenticated XPC connections and passes input to system(). This could allow a local user to execute arbitrary commands with ...

CVE-2025-62686

This CVE affects Plugin Alliance Installation Manager v1.4.0 on macOS, specifically the InstallationHelper service. The root cause is missing hardened runtime and a __RESTRICT segment, allowing local users to abuse the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potent...