EUVD-2026-36265

tmp: Type-confusion bypass of assertPath allows path traversal via non-string prefix/postfix/template...

CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

org.webjars.npm:bazel__karma (=1.7.0), org.webjars.npm:broccoli-merge-trees (=2.0.0) +15 more potentially affected by CVE-2026-44705 via org.webjars.npm:tmp (>=0.0.24 <=0.2.3)

org.webjars.npm:tmp MAVEN version =0.0.24, =2.1.0, =0.19.11, =0.2.11, =3.2.3, =6.5.0, =2.52.0, =4.10.0 - org.webjars.npm:snyk-go-plugin =1.5.2 - org.webjars.npm:snyk-python-plugin =1.8.1 and more Source cves: CVE-2026-44705 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16881241...

org.webjars.npm:bazel__karma (=1.7.0), org.webjars.npm:broccoli-merge-trees (=2.0.0) +15 more potentially affected by CVE-2025-54798 via org.webjars.npm:tmp (>=0.0.24 <=0.2.3)

org.webjars.npm:tmp MAVEN version =0.0.24, =2.1.0, =0.19.11, =0.2.11, =3.2.3, =6.5.0, =2.52.0, =4.10.0 - org.webjars.npm:snyk-go-plugin =1.5.2 - org.webjars.npm:snyk-python-plugin =1.8.1 and more Source cves: CVE-2025-54798 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-11501555...

Timeshift Code Execution Vulnerability

Timeshift is a Linux system restore tool. The product supports the creation of file system snapshots and provides features such as snapshot recovery. A security vulnerability exists in Timeshift versions prior to 20.03, which stems from the 'inittmp' function of the TeeJee.FileSystem.vala file...

CVE-2018-18654

Crossroads 2.81 is affected by a local-attack vulnerability during build of xr: a world-writable subdirectory under /tmp can be exploited when xr is copied there, allowing an attacker to replace the directory contents with a Trojan horse xr. This is described across multiple sources (NVD/Red Hat/...

CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...

RuboCop gem Insecure use of /tmp

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

Mathematica On Linux /tmp Vulnerability

"If you're doing anything technical, think Mathematica --..." http://www.wolfram.com/products/mathematica/index.html Mathematica7 on Linux uses the /tmp/MathLink directory in insecure ways. Mathematica creates or re-uses an existing /tmp/MathLink directory, and overwrites files within and follows...

Slackware Linux - &#039;/usr/bin/ppp-off&#039; Insecure /tmp Call

!/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any fileie: /etc/issue, thus when root runs the ppp-off script, the output of 'ps x' woul...