95 matches found
SUSE CVE-2026-39819
The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...
EUVD-2026-28422
The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...
CVE-2026-39819
The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...
CVE-2026-39819
The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...
PT-2026-38563
Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description The "go bug" command writes to two files with predictable names in the system temporary directory, such as "/tmp". An attacker with access to this directory can create a symbolic link symlink—a fi...
EUVD-2025-209585
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
CVE-2025-67223
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
Requests 安全漏洞
Requests is an elegant and simple HTTP library from the Python Foundation. With Requests, you can send HTTP/1.1 requests with great ease. There’s no need to manually add query strings to your URLs, nor to encode POST data using forms. Versions of Requests prior to 2.33.0 contained a security...
PT-2026-27640
Name of the Vulnerable Software and Affected Versions PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5 Description The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowi...
WordPress plugin Magic Login Mail or QR Code 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2025-206254
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
CVE-2025-14612
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
CVE-2025-14612 Quartus Prime Pro Edition Advisory
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
CVE-2025-14612 Quartus Prime Pro Edition Advisory
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
EUVD-2005-0712
Malware in sbrugna...
EUVD-2008-5337
Malware in sbrugna...
EUVD-2001-1363
Malware in sbrugna...
EUVD-2000-1081
Malware in sbrugna...