CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted...
CVE-2026-28457
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...
EUVD-2022-7409
Malicious code in bioql PyPI...
CentOS 8 : python-setuptools (CESA-2023:0835)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:0835 advisory. - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom...
CVE-2023-6356 Kernel: null pointer dereference in nvmet_tcp_build_iovec
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service...
CVE-2023-20013
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These...
OESA-2023-1004 python-setuptools security update
Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages. This package contains a Python wheel of setuptools to use with venv. Security Fixes: Python Packaging...
Design/Logic Flaw
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs...
CVE-2021-43890
We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker...
apt input validation error vulnerability
apt is a command-line package manager from the Debian Project Collaboration that provides search, management, and query package information functionality. APT suffers from an input validation error vulnerability that stems from APT incorrectly processing certain software packages. A local attacke...
CVE-2020-16952
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...
CVE-2020-1834
HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135C00E135R2P11 and versions earlier than 10.1.0.135C00E135R2P8 have an insufficient integrity check vulnerability. The system does not sufficiently check the integrity of certain software packages. Successful exploit could allow an attack...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2018-13361)
Microsoft SharePoint Enterprise Server 2016 and SharePoint Foundation 2013 SP1 are both products of Microsoft Corporation (USA). Microsoft SharePoint Enterprise Server 2016 is an enterprise business collaboration platform. The platform is used to...
openSUSE Security Update : wireshark (openSUSE-2017-674)
This update for wireshark fixes minor vulnerabilities that could be used to trigger dissector crashes, infinite loops, or cause excessive use of CPU resources by making Wireshark read specially crafted packages from the network or a capture file : - CVE-2017-9352: Bazaar dissector infinite loop...
openSUSE Security Update : wireshark (openSUSE-2017-503)
This update to Wireshark 2.2.6 fixes minor vulnerabilities that could be used to trigger a dissector crash or infinite loops by sending specially crafted packages over the network or into a capture file : - CVE-2017-7700: NetScaler file parser infinite loop (boo#1033936) - CVE-2017-7701: BGP dissect...
UBUNTU-CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
DEBIAN-CVE-2014-0490
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package...
DEBIAN-CVE-2006-5466
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...
CVE-2006-5466
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...