Lucene search
K

1124 matches found

CVE
CVE
added 2026/05/16 3:26 p.m.13 views

CVE-2021-47976

CVE-2021-47976 affects TextPattern CMS 4.9.0-dev. An authenticated attacker can exploit the plugin upload functionality to upload arbitrary PHP files, obtain a CSRF token from the plugin event page, and place PHP payloads in the textpattern/tmp/ directory for code execution. The CVE is documented...

8.8CVSS6.5AI score0.00315EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:26 p.m.42 views

CVE-2021-47976 TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

8.8CVSS0.00315EPSS
Exploits0References4
Amazon
Amazon
added 2026/05/15 12:0 a.m.13 views

Low: socat

Issue Overview: readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Affected Packages: socat Issue Correction: Run dnf update socat --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1701 --releasever 2023.11.20260514 to update your system...

9.8CVSS6.8AI score0.00794EPSS
Exploits0
NVD
NVD
added 2026/05/14 4:16 p.m.35 views

CVE-2026-42597

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS0.00251EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/14 3:34 p.m.10 views

CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:34 p.m.9 views

CVE-2026-42597

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/14 3:34 p.m.8 views

EUVD-2026-30317

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 3:34 p.m.16 views

CVE-2026-42597

Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for URL routing using...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.13 views

CVE-2026-34354

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

7.4CVSS6AI score0.00325EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/07 10:45 p.m.9 views

CVE-2026-8115 gyoridavid short-video-maker REST API rest.ts path traversal

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...

6.9CVSS5.7AI score0.00575EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/03 1:51 a.m.96 views

race-condition-exploit

🔐 Race Condition Exploit & Mitigation TOCTOU This project d...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/29 8:42 p.m.8 views

Arbitrary File Upload

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the installthemefromtmp process. An attacker can execute arbitrary PHP code on the server by uploading a specially crafted ZIP file containing...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/04/27 12:0 a.m.8 views

ONNX model cache defaults to world-writable predictable /tmp directory

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Only applications that use TransformersEmbeddingModel and have the cache enabled, using the default location, are affected...

6.1CVSS5.9AI score0.00105EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.2AI score0.00132EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:29 p.m.6 views

CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE

Summary ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the publ...

9.4CVSS6.5AI score0.00484EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.14 views

SUSE SLES15 / openSUSE 15 Security Update : smc-tools (SUSE-SU-2026:1422-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1422-1 advisory. This update for smc-tools fixes the following issue: Update to smc-tools v1.8.7: - predictable /tmp file allows for local denial of servic...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/04/16 11:44 p.m.4 views

BIT-MLFLOW-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS7.3AI score0.00215EPSS
Exploits1References3
Securelist
Securelist
added 2026/04/09 9:30 a.m.8 views

The long road to your crypto: ClipBanker and its marathon infection chain

At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks off with a web search for "Proxifier". Proxifiers are speciaized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a...

6.2AI score
Exploits0
OSV
OSV
added 2026/04/01 9:26 a.m.6 views

OPENSUSE-FU-2026:20453-1 Feature update for himmelblau

This update for himmelblau fixes the following issues: Update to himmelblau 2.3.8 jscPED-14511: Security issues: - CVE-2025-54882: world readable cloud TGT token bsc1247735. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249013. - CVE-2026-25727: time: parsing of user-provided...

8.8CVSS5.9AI score0.00303EPSS
Exploits2References9
Rows per page
Query Builder