Lucene search
K

414 matches found

Metasploit
Metasploit
added 2026/07/06 7:5 p.m.82 views

macOS PackageKit ZSH Environment Privilege Escalation

This module exploits CVE-2024-27822, a vulnerability in macOS PackageKit.framework where PKG installer scripts using a ZSH shebang !/bin/zsh are executed as root while inheriting the installing user's environment. This causes ZSH to load the user's /.zshenv with root privileges before the install...

7.8CVSS7.2AI score0.01312EPSS
Exploits2
OSV
OSV
added 2026/06/24 1:9 p.m.6 views

OESA-2026-2689 PackageKit security update

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API. Security Fixes: A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of th...

5.3CVSS5.4AI score0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 5:29 a.m.15 views

MGASA-2026-0180 Updated packagekit packages fix security vulnerability

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...

8.8CVSS7.5AI score0.0046EPSS
Exploits10References7
Mageia
Mageia
added 2026/06/09 5:29 a.m.16 views

Updated packagekit packages fix security vulnerability

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...

8.8CVSS7.7AI score0.0046EPSS
Exploits10References6
Redos
Redos
added 2026/06/09 12:0 a.m.11 views

ROS-20260609-73-0005

The vulnerability of the PackageKit package manager is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the system with root privileges...

8.8CVSS5.5AI score0.0046EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

RHEL 7 : PackageKit (RHSA-2026:22146)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22146 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...

8.8CVSS5.7AI score0.0046EPSS
Exploits10References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5AI score0.00222EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

RockyLinux 10 : PackageKit (RLSA-2026:19141)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19141 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

8.8CVSS7.4AI score0.0046EPSS
Exploits10References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:29 a.m.15 views

SUSE CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.4AI score0.00222EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-10294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 10:8 a.m.10 views

RHSA-2026:22146 Red Hat Security Advisory: PackageKit security update

Bulletin has no description...

8.8CVSS5.7AI score0.0046EPSS
Exploits10References12
EUVD
EUVD
added 2026/06/02 12:31 a.m.16 views

EUVD-2026-33818

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7
NVD
NVD
added 2026/06/01 10:16 p.m.12 views

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS0.00222EPSS
Exploits0References6
OSV
OSV
added 2026/06/01 10:16 p.m.7 views

DEBIAN-CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 10:16 p.m.7 views

UBUNTU-CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:30 p.m.10 views

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 9:30 p.m.9 views

CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 9:30 p.m.28 views

CVE-2026-10294

CVE-2026-10294 affects PackageKit up to 1.3.5. The vulnerable component is the API function g_file_test in src/pk-transaction.c. Manipulation of the argument frontend-socket leads to improper authorization. The issue can be exploited remotely, and the exploit has been disclosed publicly and may b...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 9:30 p.m.67 views

CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS0.00222EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/01 9:30 p.m.9 views

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0
Rows per page
Query Builder