55 matches found
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Packagekit_Project Packagekit
Pack2TheRoot Lab — CVE-2026-41651 A Dockerised, CTF-style loc...
PT-2026-32968
Impact: This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches: 4793, now fixed in version v0.74.2. Workarounds: Avoid inspecting unsigned packages. Description: The package inspect sbom and package inspect documentation...
CVE-2022-26579
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...
CVE-2025-34500
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...
EUVD-2019-5862
Malware in sbrugna...
EUVD-2017-16460
Malware in sbrugna...
EUVD-2024-39649
Malicious code in bioql PyPI...
CVE-2025-52550 Firmware upgrade packages are unsigned
E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...
Linux Distros Unpatched Vulnerability : CVE-2014-0022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows...
Linux Distros Unpatched Vulnerability : CVE-2017-7436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious server...
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...
CVE-2024-42501
An authenticated Path Traversal vulnerability exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...
CVE-2024-42501 Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)
An authenticated Path Traversal vulnerability exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...
CVE-2024-42501
ArubaOS is affected by an authenticated Path Traversal vulnerability (CVE-2024-42501). The issue allows a remote attacker, with network access and high privileges, to install unsigned packages on the underlying OS and execute arbitrary code or implant software. The vulnerability source is ArubaOS...
ArubaOS Security Vulnerability
ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba, USA. A security vulnerability exists in ArubaOS. An attacker could exploit the vulnerability by installing unsigned software packages on the underlying...
PT-2024-6565 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS (affected versions not specified). Description: A Path Traversal vulnerability exists in the ArubaOS, related to incorrect restriction of directory path names with limited access. Successful exploitation of this vulnerability allows an...
SUSE CVE-2014-0022
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package...
SUSE CVE-2017-7436
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...