455 matches found

Cvelist
added 4 days ago | 34 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4 CVSS | 0.00149 EPSS
Exploits 0 | References 1

NVD
added 4 days ago | 5 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7 CVSS | 0.00105 EPSS
Exploits 0 | References 3

Github Security Blog
added 2026/06/25 4:53 p.m. | 15 views

@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

6.1 CVSS | 5.9 AI score | 0.00149 EPSS
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2026/06/15 8:41 p.m. | 4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Link Resolution Before File Access ('Link Following'), Use of Insufficiently Random Values, Insecure Temporary File (CVE-2026-40977, CVE-2026-40975, CVE-2026-40973)

Summary: There are vulnerabilities in spring-boot-3.5.12.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40977, CVE-2026-40975, CVE-2026-40973. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-40973 DESCRIPTION: A local attacker on the same host as...

8.2 CVSS | 5.6 AI score | 0.00312 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/05/27 2:4 p.m. | 14 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-boot (CVE-2026-40973, CVE-2026-40975, CVE-2026-40977)

Summary: IBM Sterling Control Center is affected by vulnerabilities CVE-2026-40973, CVE-2026-40975, CVE-2026-40977 reported for spring-boot-3.4.11.jar. Vulnerability Details: CVEID: CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the...

8.2 CVSS | 6 AI score | 0.00312 EPSS
Exploits 0 | Affected Software 1

Snyk
added 2026/04/23 12:0 a.m. | 4 views

Insecure Temporary File

Overview: Affected versions of this package are vulnerable to Insecure Temporary File due to the ApplicationTemp mechanism creating a temporary directory using a predictable name. Because the name can be easily guessed, a local attacker on the same server can maliciously pre-create this directory...

7.3 CVSS | 5.4 AI score | 0.00136 EPSS
Exploits 0 | References 2

Snyk
added 2026/03/25 4:56 p.m. | 1 views

Insecure Temporary File

Overview: Affected versions of this package are vulnerable to Insecure Temporary File via the extractzippedpaths function. An attacker can leverage unauthorized file replacement by pre-creating a malicious file in the system's temporary directory prior to extraction. Note: Only applications that...

5.5 CVSS | 5.9 AI score | 0.00182 EPSS
Exploits 0 | References 2

EUVD
added 2026/03/25 4:56 p.m. | 5 views

EUVD-2026-15754

Requests has Insecure Temp File Reuse in its extractzippedpaths utility function...

4.4 CVSS | 5.8 AI score | 0.00182 EPSS
Exploits 0 | References 3

Snyk
added 2026/03/18 4:9 p.m. | 4 views

Insecure Temporary File

Overview: @capgo/cli is a CLI to upload to capgo servers. Affected versions of this package are vulnerable to Insecure Temporary File via unsafe file operations that follow symlinks and do not enforce secure permissions. An attacker can overwrite arbitrary files or expose sensitive credential...

8.6 CVSS | 5.9 AI score
Exploits 0 | References 4

RedhatCVE
added 2026/02/26 10:35 p.m. | 9 views

CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

7 CVSS | 5.4 AI score | 0.00108 EPSS
Exploits 0 | References 1

CVE
added 2026/02/25 10:59 a.m. | 19 views

CVE-2026-25701

CVE-2026-25701 affects sdbootutil and is described as an Insecure Temporary File vulnerability allowing a local user to pre-create directories to access data in /var/lib/pcrlock.d, influence backups under /tmp/pcrlock.d.bak, and potentially overwrite protected files by placing symlinks in the /tm...

7 CVSS | 5.4 AI score | 0.00108 EPSS
Exploits 0 | References 1

Cvelist
added 2026/01/13 4:19 p.m. | 24 views

CVE-2025-46684

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering...

6.6 CVSS | 0.00095 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 8:41 a.m. | 10 views

CVE-2022-0736

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1...

8.2 CVSS | 6.6 AI score | 0.01551 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/01/08 3:14 a.m. | 3 views

CVE-2025-14614

Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer SFX on Windows, Altera Quartus Prime Lite Installer SFX on Windows allows Explore for Predictable Temporary File Names. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1...

6.7 CVSS | 7 AI score | 0.0009 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/01/06 9:24 p.m. | 3 views

CVE-2025-14612 Quartus Prime Pro Edition Advisory

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

6.7 CVSS | 6.6 AI score | 0.00092 EPSS
Exploits 0 | References 1

Snyk
added 2025/12/09 7:41 a.m. | 4 views

Insecure Temporary File

Overview: net.sf.robocode:robocode.battle is a Build the best - destroy the rest! Affected versions of this package are vulnerable to Insecure Temporary File via the createTempFile function. An attacker can execute arbitrary code or overwrite critical files by manipulating the temporary file...

9.3 CVSS | 7.8 AI score | 0.00277 EPSS
Exploits 0 | References 2

Debian CVE
added 2025/12/09 7:29 a.m. | 4 views

CVE-2025-14307

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files...

9.3 CVSS | 5.9 AI score | 0.00277 EPSS
Exploits 0

CVE
added 2025/12/09 7:29 a.m. | 18 views

CVE-2025-14307

Robocode 1.9.3.6 AutoExtract has an insecure temporary file creation vulnerability in createTempFile that can allow race-condition exploitation to potentially execute arbitrary code or overwrite files. The issue arises from insecure handling of temporary files, as described across multiple source...

9.3 CVSS | 7.3 AI score | 0.00277 EPSS
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2025/11/18 12:0 a.m. | 4 views

DELL Alienware Command Center Elevation of Privilege Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An elevation of privilege vulnerability exists in DELL Alienware Command Center, which stems from an...

7.8 CVSS | 7.3 AI score | 0.00111 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/11/14 7:59 p.m. | 6 views

CVE-2025-46368

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering...

6.6 CVSS | 6.4 AI score | 0.00101 EPSS
Exploits 0 | References 1