CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•4 views

CVE-2026-44469

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS5.5AI score0.00011EPSS

OSV•added 2 days ago•4 views

USN-8385-1 robocode vulnerabilities

It was discovered that Robocode could be tricked into making network requests to attacker-controlled systems. An attacker could possibly use this issue to cause external service interaction, resulting in information disclosure. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

10CVSS6AI score0.00726EPSS

Exploits0References5

EUVD•added 5 days ago•9 views

EUVD-2026-33750

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.00058EPSS

Exploits0References4

EUVD•added 5 days ago•6 views

EUVD-2026-33676

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00027EPSS

Exploits0References3

CNNVD•added 5 days ago•6 views

CodexBar security vulnerabilities

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the handling of insecure temporary files during the publication of workflows, which could allow...

7.2CVSS5.8AI score0.00023EPSS

Exploits0References4

CNNVD•added 5 days ago•6 views

CodexBar security vulnerabilities

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained a security vulnerability. This vulnerability stemmed from a race condition in the handling of temporary files during CLI installation, which could allow local...

7.5CVSS6.1AI score0.00058EPSS

Exploits0References4

CNNVD•added 5 days ago•5 views

NextCloud Temporary Files Lock Authorization Vulnerability

NextCloud Temporary Files Lock is an open-source tool developed by NextCloud for locking temporary files, preventing others from editing them. In versions 32.0.0 to 32.0.2 and 33.0.0 to 33.0.1 of NextCloud Temporary Files Lock, there were authorization-related vulnerabilities. These vulnerabiliti...

6.3CVSS5.8AI score0.00024EPSS

Exploits0References3

NVD•added 2026/05/27 3:16 p.m.•11 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS0.00043EPSS

Vulnrichment•added 2026/05/27 2:35 p.m.•5 views

CVE-2026-9712 Insecure direct object reference

EUVD•added 2026/05/27 2:35 p.m.•5 views

EUVD-2026-32530

ATTACKERKB•added 2026/05/27 2:35 p.m.•7 views

CVE-2026-9712

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-44034

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в tomcat9

Improper resource shutdown or release vulnerabilities in Apache Tomcat. If an error occurs including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts stored on the disk are not deleted immediately but are left for the garbage collection process ...

5.3CVSS7.1AI score0.00129EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в thunderbird

Previously, Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp. However, this behavior was changed so that the files were downloaded to /tmp, where they could be affected by other local users. This behavior has been reverted to the original,...

6.5CVSS6.7AI score0.00363EPSS

Exploits1References1

NVD•added 2026/05/19 2:16 a.m.•8 views

CVE-2026-33232

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...

7.5CVSS0.00071EPSS

CVE•added 2026/05/19 12:35 a.m.•11 views

CVE-2026-33232

The CVE-2026-33232 flaw affects AutoGPT Platform (versions 0.4.2–0.6.51). The issue is an unauthenticated DoS caused by the download_agent_file endpoint creating persistent temporary files per request and failing to delete them after serving, enabling an unauthenticated attacker to repeatedly exh...

7.5CVSS5.8AI score0.00071EPSS