Lucene search
K

1125 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/11 7:47 p.m.7 views

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/11 7:47 p.m.14 views

CVE-2026-31979

CVE-2026-31979 affects Himmelblau’s daemon (himmelblaud-tasks) running as root. The issue arises prior to 3.1.0 and 2.3.8 where the daemon writes Kerberos cache files under /tmp/krb5cc_ without symlink protections, and after commit 87a51ee PrivateTmp was removed from the systemd hardening, exposi...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/04 12:0 a.m.8 views

CVE-2025-70342

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

6.6CVSS5.8AI score0.00241EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2026/03/03 10:8 p.m.16 views

OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot

Summary A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:11 p.m.13 views

Temporary path handling could write outside OpenClaw temp boundary

Summary Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. Affected Packages / Versions - Package: openclaw npm - Latest published version verified during triage: 2026.2.23 - Affected versions: = 2026.2.24 Detail...

8.6CVSS6AI score0.00344EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/03 12:59 p.m.1 views

SUSE-SU-2026:0765-1 Security update for smc-tools

This update for smc-tools fixes the following issues: Update to version 1.8.7 jscPED-14601. Security issues fixed: - VUL-1: smc-tools: predictable /tmp file allows for local denial of service bsc1230052, bsc1258495. Other updates and bugfixes: - smcrnics: fix regression when PFT not available -...

5.9AI score
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.8 views

Intego Log Reporter 安全漏洞

Intego Log Reporter is a log collection and analysis tool developed by Intego. There is a security vulnerability in Intego Log Reporter. This vulnerability stems from diagnostic scripts executed with root privileges, which fail to enforce secure directory handling when creating and writing files ...

8.5CVSS6.9AI score0.0011EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.5 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References1
NVD
NVD
added 2026/02/04 9:16 p.m.11 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS0.18536EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:39 p.m.5 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/02/04 8:39 p.m.28 views

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS0.18536EPSS
Exploits2References2
CVE
CVE
added 2026/02/04 8:39 p.m.34 views

CVE-2026-25512

CVE-2026-25512 affects Group-Office prior to versions 6.8.150, 25.0.82, and 26.0.5. The vulnerability is an authenticated remote code execution via the /email/message/tnefAttachmentFromTempFile endpoint, where the user-controlled parameter tmp_file is directly concatenated into an exec() call. In...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2026/02/04 4:7 p.m.6 views

CVE-2026-23065 platform/x86/amd: Fix memory leak in wbrf_record()

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrfrecord The tmp buffer is allocated using kcalloc but is not freed if acpievaluatedsm fails. This causes a memory leak in the error path. Fix this by explicitly freeing the tmp buffer in th...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References6
CVE
CVE
added 2026/02/04 4:7 p.m.18 views

CVE-2026-23065

CVE-2026-23065 is a Linux kernel issue affecting the x86/amd platform where a tmp buffer allocated in wbrf_record() is leaked on error in acpi_evaluate_dsm(). The vulnerability’s root cause is a memory leak in the error path, fixed by explicitly freeing the tmp buffer in the error handling path o...

5.5CVSS5.3AI score0.00121EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86/amd: Fix memory leak in wbrfrecord The tmp buffer is allocated using kcalloc but is not freed if acpievaluatedsm fails. This causes a memory leak i...

5.5CVSS6.3AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5652

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.4.0 Description A flaw exists in mlflow version 2.20.3 where the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This allows an attacker with...

7CVSS7.3AI score0.00215EPSS
Exploits1References14
Cvelist
Cvelist
added 2026/01/27 9:22 a.m.32 views

CVE-2026-24347 Arbitrary file write to /tmp directory in EZCast Pro II Dongle

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory...

5.7CVSS0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-4906

Name of the Vulnerable Software and Affected Versions EZCast Pro II version 1.17478.146 Description A flaw exists in the Admin UI that does not properly validate input. This allows attackers to manipulate files within the /tmp directory. Recommendations Update to a newer version that contains a f...

5.7CVSS5.4AI score0.00207EPSS
Exploits0References6
OSV
OSV
added 2026/01/22 9:39 p.m.4 views

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7CVSS6.1AI score0.00471EPSS
Exploits1References6
NVD
NVD
added 2026/01/21 6:16 p.m.9 views

CVE-2021-47871

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

8.8CVSS0.00421EPSS
Exploits0References4
Rows per page
Query Builder