Lucene search
K

1377 matches found

CVE
CVE
added 3 days ago14 views

CVE-2026-13165

SzafirHost is affected by a remote code execution vulnerability (CVE-2026-13165) in the way it validates versus extracts native libraries from archives. The application verifies the downloaded native library archive using JarFile (Central Directory) but extracts libraries with JarInputStream (seq...

8.6CVSS6AI score0.00418EPSS
Exploits0References2
OSV
OSV
added 3 days ago5 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS6AI score0.00401EPSS
Exploits0References7
NVD
NVD
added 6 days ago12 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS0.004EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS6.2AI score0.004EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2025-210362

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS6.2AI score0.004EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:30 p.m.17 views

CVE-2026-53765

CVE-2026-53765 / GHSA-3PVJ-JV98-QHJQ affects chrome-devtools-mcp (Chrome DevTools for agents). The vulnerability occurs when the daemon writes its PID file to a deterministic runtime path under /tmp on POSIX systems (macOS or Linux with XDG_RUNTIME_DIR unset). The code uses fs.writeFileSync() wit...

6.1CVSS5.9AI score0.00077EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 7:25 p.m.35 views

CVE-2026-54328 Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

7.3CVSS0.00115EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:25 p.m.23 views

CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

7.3CVSS5.9AI score0.00115EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/22 3:21 p.m.7 views

EUVD-2026-38265

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.10 views

Malicious code in @thymelab/logfx (npm)

@thymelab/logfx malicious version 2.15.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6.1AI score
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine, affecting versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, 2.9.x before 2.9.7, as well as Ansible Tower in versions 3.4.5, 3.5.5, and 3.6.3. This issue occurs when using modules that decrypt vault files, such as assemble, script, unarchive, wincopy, awss...

5.5CVSS6.7AI score0.00376EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Thunderbird

Thunderbird’s handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By creating a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

8.1CVSS7.1AI score0.00363EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in pgagent

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator was used when generating the directory name, which allows a local attacker to pre-create the directory a...

7.1CVSS5.4AI score0.00171EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0alpha1 through 10.0.0.beta2, and 11.0.0alpha1 through 11.0.0.beta2O, on Unix-like systems, the system’s temporary directory is shared among all users on that system. A collocated user can observe the process of creating a temporary...

7CVSS7.3AI score0.043EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Ansible

A race condition flaw was discovered in Ansible Engine 2.7.17 and earlier versions, as well as 2.8.9 and earlier, and 2.9.6 and earlier. This issue occurs when running a playbook with an unprivileged “become user” command. When Ansible needs to execute a module with the “become user” command, a...

5CVSS6.7AI score0.004EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/18 4:14 p.m.9 views

EUVD-2025-210281

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-11958

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and...

7.3CVSS0.00102EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.8 views

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

Summary The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDGRUNTIMEDIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-/daemon.pid. Because the write does not us...

6.1CVSS5.5AI score0.00077EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50494

Name of the Vulnerable Software and Affected Versions @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 @mariozechner/pi-coding-agent versions 0.50.0 through 0.73.1 Description Pi is a minimal terminal coding harness that used predictable paths under the operating system temporary...

7.3CVSS6.2AI score0.00115EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score0.00077EPSS
Exploits1References8
Rows per page
Query Builder