54 matches found
EUVD-2026-33751
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...
Astra Linux - vulnerability in netty
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. Before version 4.1.59.Final, there was a vulnerability on Unix-like systems involving an insecure temporary file. When Netty’s...
CVE-2026-4822
A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only...
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645
The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Impact: The requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...
CVE-2025-46684
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering...
CVE-2025-46685
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-46684
Dell SupportAssist OS Recovery (pre-5.5.15.1) contains a flaw where temporary files are created with insecure permissions, enabling a low-privilege local attacker to tamper with information. Affected product: Dell SupportAssist OS Recovery. Root cause: insecure temporary file permissions during c...
CVE-2025-46369
Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation...
CVE-2025-34194
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT...
CVE-2025-34194
Vasion Print (PrinterLogic) Virtual Appliance Host (pre-25.1.102) and Windows client deployments (pre-25.1.1413) are affected by an insecure temporary-file handling issue in the PrinterInstallerClient component. The software creates files as NT AUTHORITY\SYSTEM inside a user-controlled Temp path ...
JumpCloud Agent security vulnerability
JumpCloud Agent is an application from JumpCloud, Inc. that allows IT administrators to remotely manage Windows, Mac and Linux systems using security policies. A security vulnerability exists in JumpCloud Agent versions prior to 1.178.0, which stems from a vulnerability that allows an attacker to crea...
RESTEasy: creation of insecure temp files
In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...
Medium: resteasy-base
Issue Overview: A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's paramete...
Security Bulletin: Vulnerability in WebSphere Liberty affects Cloud Pak System [CVE-2023-0482]
Summary: Vulnerability in WebSphere Liberty affects Cloud Pak System (CVE-2023-0482). Vulnerability Details: CVEID: CVE-2023-0482. DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the...
Security Bulletin: RESTEasy component vulnerable to CVE-2023-0482 is used by IBM Maximo Application Suite
Summary: IBM Maximo Application Suite uses the RESTEasy package, which is vulnerable to CVE-2023-0482. Vulnerability Details: CVEID: CVE-2023-0482. DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in th...