CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1092 matches found

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

9.8CVSS6.6AI score0.23981EPSS

Exploits16References3

EUVD•added 2026/05/27 3:33 p.m.•5 views

EUVD-2026-32357

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

5.9AI score0.00032EPSS

Exploits0References8

OSV•added 2026/05/27 12:34 a.m.•4 views

GHSA-PH9P-34F9-6G65 tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape

Summary The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ../ or path separators in these parameters, attackers can cause file...

8.7CVSS5.7AI score

Exploits0References3

Tenable Nessus•added 2026/05/27 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to...

5.5CVSS5.9AI score0.00026EPSS

Exploits0References3

NVD•added 2026/05/26 5:16 p.m.•10 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.5CVSS0.00026EPSS

Exploits0References4

OSV•added 2026/05/26 5:16 p.m.•4 views

DEBIAN-CVE-2026-48693

5.5CVSS5.9AI score0.00026EPSS

Exploits0References1

OSV•added 2026/05/26 5:16 p.m.•3 views

UBUNTU-CVE-2026-48693

5.5CVSS5.9AI score0.00026EPSS

Exploits0References6

CVE•added 2026/05/26 4:30 p.m.•6 views

CVE-2026-43982

Algernon (a small Go web server) has a path-traversal risk in lua/upload/upload.go: uploadedFileSaveIn() joins a caller-supplied directory with filepath.Join() and performs no boundary check after joining. A path like ../../../tmp can resolve to /tmp, bypassing web-root constraints. The issue aff...

8.7CVSS5.8AI score0.00061EPSS

Exploits0References2

Cvelist•added 2026/05/26 12:0 a.m.•30 views

CVE-2026-48693

0.00026EPSS

Exploits0References4

ATTACKERKB•added 2026/05/26 12:0 a.m.•7 views

CVE-2026-48693

5.9AI score0.00026EPSS

Exploits0References5

OSV•added 2026/05/23 4:18 p.m.•4 views

ROOT-APP-NPM-CVE-2025-54798 CVE-2025-54798 in @rootio/tmp - Patched by Root

Root has patched CVE-2025-54798 in the @rootio/tmp package for Root:npm. Multiple fixed versions available...

2.5CVSS5.8AI score0.00469EPSS

Exploits1

NVD•added 2026/05/16 4:16 p.m.•6 views

CVE-2021-47976

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

8.8CVSS0.00108EPSS

Exploits0References4

Cvelist•added 2026/05/16 3:26 p.m.•30 views

CVE-2021-47976 TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload

8.8CVSS0.00108EPSS

Exploits0References4

CVE•added 2026/05/16 3:26 p.m.•4 views

CVE-2021-47976

CVE-2021-47976 affects TextPattern CMS 4.9.0-dev. An authenticated attacker can exploit the plugin upload functionality to upload arbitrary PHP files, obtain a CSRF token from the plugin event page, and place PHP payloads in the textpattern/tmp/ directory for code execution. The CVE is documented...

8.8CVSS6.5AI score0.00108EPSS

Exploits0References4

Amazon•added 2026/05/15 12:0 a.m.•6 views

Low: socat

Issue Overview: readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Affected Packages: socat Issue Correction: Run dnf update socat --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1701 --releasever 2023.11.20260514 to update your system...

9.8CVSS6.8AI score0.00169EPSS

Exploits0

NVD•added 2026/05/14 4:16 p.m.•6 views

CVE-2026-42597

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS0.00044EPSS

Exploits1References1

EUVD•added 2026/05/14 3:34 p.m.•3 views

EUVD-2026-30317

5.9CVSS5.8AI score0.00044EPSS

Exploits1References1

CVE•added 2026/05/14 3:34 p.m.•5 views

CVE-2026-42597

Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...

5.9CVSS5.8AI score0.00044EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/14 3:34 p.m.•6 views

CVE-2026-42597

5.9CVSS5.8AI score0.00044EPSS

Exploits1References2Affected Software1