40 matches found
CVE-2026-49135
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...
CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...
PT-2026-45558
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
...
CVE-2026-4822
Summary: CVE-2026-4822 affects Enter Software Iperius Backup up to 8.7.3. The issue is in an unknown function within C:\ProgramData\IperiusBackup\Jobs\ of the Backup Service, where manipulation can create a temporary file with insecure permissions. The attack is local with high complexity, but a pu...
GHSA-2MXR-RC97-XRJ2 Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files...
PT-2025-46898
Name of the Vulnerable Software and Affected Versions: Dell Alienware Command Center versions prior to 6.10.15.0. Description: Dell Alienware Command Center 6.x contains an Insecure Temporary File flaw. A local attacker with low privileges could exploit this issue to gain elevated privileges on the...
Security Bulletin: Vulnerabilities in Netty-codec and Netty-handler might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Netty-codec and Netty-handler. Vulnerabilities include incorrect validation of a specially crafted packet via SslHandler that can lead to a native crash, the SniHandler can allocate up to 16MB of heap for each chann...
CVE-2025-34194
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT...
CVE-2025-9474 Mihomo Party Socket sysproxy.ts enableSysProxy temp file
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach...
CVE-2025-9474
CVE-2025-9474 affects Mihomo Party up to version 1.8.1 on macOS. The vulnerability is in the enableSysProxy function of src/main/sys/sysproxy.ts within the Socket Handler component and results in creation of a temporary file with insecure permissions. The attack is local in scope and described as...
PT-2025-34742 · Unknown · Mihomo Party
Name of the Vulnerable Software and Affected Versions: Mihomo Party versions through 1.8.1. Description: A vulnerability exists in Mihomo Party up to version 1.8.1 on macOS. The issue is related to the enableSysProxy function within the src/main/sys/sysproxy.ts file of the Socket Handler component...
OESA-2024-1735 nano security update
Nano is now part of Apache CouchDB. Security Fixes: A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a windo...
UBUNTU-CVE-2024-5742
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...
CVE-2023-1713
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...
SUSE CVE-2023-43782
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence...
Security Bulletin: There are several vulnerabilities in Liberty used by the IBM Maximo Manage application in the IBM Maximo Application Suite
Summary: There are several vulnerabilities in Liberty used by the IBM Maximo Manage application in the IBM Maximo Application Suite. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-0482. DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevat...
Security Bulletin: CVE-2023-0482 may affect IBM CICS TX Advanced
Summary: CVE-2023-0482 may affect IBM WebSphere Application Server Liberty supplied with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-0482. DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevated privileg...
CVE-2021-21290
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When Netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporarily storing uploads on disk is enabled. On Unix-like systems, the...