
15 matches found

OSV
added 5 days ago, 8 views

RLSA-2026:19141 Important: PackageKit security update

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fixes: PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 For more details abou...

8.8 CVSS | 7.4 AI score | 0.00153 EPSS
Exploits 10 | References 2

GitHub Security Blog
added 2026/05/26 11:10 p.m., 7 views

yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

6.3 AI score
Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/05/26 11:10 p.m., 3 views

GHSA-VV9J-GJW2-J8WP yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

8.6 CVSS | 6.3 AI score
Exploits 0 | References 3

OPENSUSE Linux
added 2026/04/30 12:0 a.m., 2 views

Security update for PackageKit (important)

openSUSE security update: security update for packagekit. Announcement ID: openSUSE-SU-2026:20646-1. Rating: important. References: bsc1262220. Cross-References: CVE-2026-41651. CVSS scores: CVE-2026-41651 SUSE: 8.8...

9.3 CVSS | 5.6 AI score | 0.00153 EPSS
Exploits 10 | References 1

Tenable Nessus
added 2026/04/30 12:0 a.m., 1 view

RockyLinux 8 : PackageKit (RLSA-2026:11635)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11635 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

8.8 CVSS | 6 AI score | 0.00153 EPSS
Exploits 10 | References 3

OSV
added 2026/04/27 11:28 a.m., 4 views

USN-8195-2 packagekit vulnerability

USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to install arbitrary packages as root,...

8.8 CVSS | 5.4 AI score | 0.00153 EPSS
Exploits 10 | References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-3237

Malware in sbrugna...

5.1 CVSS | 6.4 AI score | 0.00722 EPSS
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-14867

Malicious code in bioql PyPI...

7.8 CVSS | 8 AI score | 0.00077 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/05/22 9:28 p.m., 4 views

CVE-2021-30070

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk parameter in the update request being transmitted to the operating system's package manager...

7.5 CVSS | 6.8 AI score | 0.00244 EPSS
Exploits 0 | References 1

SUSE CVE
added 2025/05/21 12:51 a.m., 2 views

SUSE CVE-2025-3931

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

7.8 CVSS | 6.7 AI score | 0.00077 EPSS
Exploits 0 | References 3

CVE
added 2025/05/14 11:54 a.m., 86 views

CVE-2025-3931

Yggdrasil (the system daemon that uses a D-Bus message broker to route data to worker processes) has a local privilege escalation flaw (CVE‑2025‑3931) due to missing authentication/authorization when dispatching messages to workers. An attacker with local system access could leverage this unprote...

7.8 CVSS | 7.6 AI score | 0.00077 EPSS
Exploits 0 | References 4

RedHat Linux
added 2025/05/14 11:52 a.m., 1 view

yggdrasil: Local privilege escalation in yggdrasil

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

7.8 CVSS | 5.8 AI score | 0.00077 EPSS
Exploits 0 | References 5

Prion
added 2022/08/18 5:15 a.m., 9 views

Design/Logic Flaw

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk parameter in the update request being transmitted to the operating system's package manager...

5 CVSS | 7.5 AI score | 0.00244 EPSS
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2022/08/18 12:0 a.m., 3 views

HestiaCP Security Vulnerability

HestiaCP is a lightweight and powerful control panel for modern networks. A security vulnerability exists in HestiaCP versions prior to v1.3.5, which stems from the value obtained from the pgk parameter in an update request being transmitted to the operating system's package manager, allowing an...

7.5 CVSS | 7.3 AI score | 0.00244 EPSS
Exploits 0 | References 3

exploitpack
added 2002/07/08 12:0 a.m., 22 views

Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation

Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation source: https://www.securityfocus.com/bid/5176/info A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without...

0.3 AI score
Exploits 0