26 matches found
CVE-2026-26191
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. When a...
CVE-2026-26191
Fleet prior to version 4.81.0 is affected by a vulnerability in the software installer pipeline where metadata from uploaded packages (pkg, deb, rpm, exe, msi) is used to generate uninstall scripts without proper sanitization. A crafted package could cause arbitrary commands to run with root priv...
CVE-2026-26191 Fleet vulnerable to OS command injection in software packages
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. When a...
PT-2026-28628
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.1 Description Fleet is open source device management software susceptible to a command injection issue within its software installer pipeline. This allows an attacker to execute arbitrary code as root macOS/Linux o...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
EUVD-2026-12831
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063
The CVE concerns Arturia Software Center on macOS. A plugin install creates an uninstall.sh script in a root-owned path with 777 permissions, writable by any user. During plugin uninstall, the Privileged Helper is instructed to execute this script. If an attacker manipulates the script, this can ...
Arturia Software Center 安全漏洞
Arturia Software Center is an application developed by the French company Arturia, used for managing, installing, and updating music production software and plugins. There is a security vulnerability in Arturia Software Center, which stems from improper permission settings in the uninstall.sh...
PT-2026-26067
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
EUVD-2025-112102
Malicious code in jsonp-vuepress-uninstall-ceres npm...
EUVD-2025-122980
Malicious code in quasar-ceres-morgan-uninstall npm...
CVE-2025-43079
The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges...
EUVD-2025-48941
The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to MacOS and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileg...
CVE-2025-43079
The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges...
CVE-2025-43079 Local Privilege Escalation via qagent_uninstall.sh Qualys Cloud Agents
The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges...
CVE-2025-43079
CVE-2025-43079 concerns Qualys Cloud Agent where the bundled uninstall script qagent_uninstall.sh (Mac/Linux) executes multiple system commands without absolute paths and without sanitizing $PATH. The root cause is reliance on manipulated PATH, enabling a privileged user (root/sudo) with elevated...