Linux Distros Unpatched Vulnerability : CVE-2026-48693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to...

CVE-2026-43982

Algernon (a small Go web server) has a path-traversal risk in lua/upload/upload.go: uploadedFileSaveIn() joins a caller-supplied directory with filepath.Join() and performs no boundary check after joining. A path like ../../../tmp can resolve to /tmp, bypassing web-root constraints. The issue aff...

CVE-2021-47976

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

CVE-2021-47976 TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

CVE-2026-42597

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

EUVD-2026-30317

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

CVE-2026-42597

Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...

CVE-2026-42597

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for URL routing using...

CVE-2026-34354

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

Astra Linux - уязвимость в thunderbird

By creating a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...

race-condition-exploit

🔐 Race Condition Exploit & Mitigation TOCTOU This project d...

GHSA-9FFQ-6457-8958 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Summary A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. Detail In src/Utils/FileUtil.php, the FileUtil::explodeExtension function...

PT-2026-26770

Summary The aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data which is written to persistent temp files in /tmp/ with no size cap, no rat...

CVE-2026-3888

A privilege escalation flaw has been discovered in snapd. This local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. Mitigation Mitigation...

USN-8102-2 snapd regression

USN-8102-1 fixed a vulnerability in snapd. The update caused a regresision for Ubuntu 24.04 LTS while installing the package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that snapd incorrectly handled certain operations in the...

EUVD-2026-12570

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS...

CVE-2026-3888

Summary: CVE-2026-3888 is a local privilege escalation in snapd on Linux, enabling a local attacker to gain root by re-creating snap’s private /tmp directory when systemd-tmpfiles cleans it. Affected software: snapd on Linux distributions listed by the initial description (Ubuntu 16.04 LTS, 18.04...

Linux Distros Unpatched Vulnerability : CVE-2026-3888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is...

Intego Log Reporter 安全漏洞

Intego Log Reporter is a log collection and analysis tool developed by Intego. There is a security vulnerability in Intego Log Reporter. This vulnerability stems from diagnostic scripts executed with root privileges, which fail to enforce secure directory handling when creating and writing files ...