VYPR
Vendor

Waves

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2026-24065HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify code-signing identity. Because process…

  • CVE-2026-24064HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the…

  • CVE-2019-13208HigJul 3, 2019
    risk 0.47cvss 7.3epss 0.00

    WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0.

  • CVE-2017-6005HigJul 26, 2017
    risk 0.46cvss 7.0epss 0.00

    Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with…