Lucene search
K

1124 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/21 5:27 p.m.4 views

CVE-2021-47871

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

8.8CVSS5.6AI score0.00421EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/21 5:27 p.m.20 views

CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

8.8CVSS0.00421EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.12 views

PT-2026-3823

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

8.8CVSS5.8AI score0.00421EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.6 views

MiracleLinux 3 : sysstat-7.0.2-11.0.1.AXS3 (AXSA:2011-321:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-321:01 advisory. This package provides the sar and iostat commands for Linux. Sar and iostat enable system monitoring of disk, network, and other IO activity. Security issues...

4.4CVSS6AI score0.00433EPSS
Exploits0References2
NVD
NVD
added 2026/01/15 4:16 p.m.7 views

CVE-2025-67077

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...

8.8CVSS0.00361EPSS
Exploits0References2
OSV
OSV
added 2026/01/15 4:16 p.m.6 views

CVE-2025-67077

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...

8.8CVSS5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.9 views

PT-2026-3022

Name of the Vulnerable Software and Affected Versions Omnispace Agora Project versions prior to 25.10 Description A file upload issue exists in the Omnispace Agora Project. The issue allows authenticated users, and potentially guest users under certain conditions, to upload files via the...

8.8CVSS6.6AI score0.00361EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.7 views

MiracleLinux 3 : sudo-1.7.2p1-14.AXS3.3 (AXSA:2012-777:03)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-777:03 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

5.6CVSS5.7AI score0.00435EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 9 : thunderbird-128.10.0-1.el9_6.ML.1 (AXSA:2025-10475:14)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10475:14 advisory. thunderbird: User Interface UI Misrepresentation of attachment URL CVE-2025-3523 thunderbird: Information Disclosure of /tmp directory listing...

6.4CVSS6.9AI score0.00313EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : socat-1.7.4.1-6.el9_6.1 (AXSA:2025-10632:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10632:02 advisory. socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 Tenable has extracted the preceding description block directly from the...

9.8CVSS7.1AI score0.00794EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 9 : thunderbird-128.9.2-1.el9_5.ML.1 (AXSA:2025-9897:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9897:08 advisory. thunderbird: User Interface UI Misrepresentation of attachment URL CVE-2025-3523 thunderbird: Information Disclosure of /tmp directory listing...

6.4CVSS6.9AI score0.00313EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:19 p.m.8 views

CVE-2018-10519

CMS Made Simple CMSMS 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...

8.8CVSS7.1AI score0.01014EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.9 views

CVE-2016-10799

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation SEC-137...

5.5CVSS7AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.6 views

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

6.5CVSS7.1AI score0.02981EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.8 views

CVE-2021-22571

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...

5.5CVSS6.3AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 12:0 a.m.8 views

CVE-2025-67091

CVE-2025-67091 affects GL.iNet AX1800 firmware versions 4.6.4 and 4.6.8 . The issue lies in the GL.iNet custom opkg wrapper script at /usr/libexec/opkg-call , which runs with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. Vulnerable code u...

6.5CVSS6.7AI score0.02981EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/12/31 12:31 a.m.5 views

EUVD-2022-55937

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the...

8.5CVSS7AI score0.03744EPSS
Exploits2References6
EUVD
EUVD
added 2025/12/31 12:31 a.m.4 views

EUVD-2022-55935

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

8.5CVSS7AI score0.03353EPSS
Exploits2References6
OSV
OSV
added 2025/12/30 11:15 p.m.5 views

CVE-2022-50795

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the traceroute.php script, which...

7.8CVSS5.9AI score0.03713EPSS
Exploits2References5
OSV
OSV
added 2025/12/30 11:15 p.m.4 views

CVE-2022-50791

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

7.8CVSS5.9AI score0.03353EPSS
Exploits2References5
Rows per page
Query Builder