14 matches found
CVE-2026-42171
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause my_GetTempFileName to return 0, as shown in the references...
CVE-2026-22171
OpenClaw is affected by a path traversal in the Feishu media download flow. In versions prior to 2026.2.19, untrusted media keys (imageKey/fileKey) were interpolated directly into temporary-file paths in extensions/feishu/src/media.ts, allowing an attacker who can control those keys to craft path...
CVE-2025-66384
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name...
EUVD-2023-0150
Malicious code in bioql PyPI...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
RHEL 8 : gimp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - gimp: predictable temporary file name in test-xcf.c unit test CVE-2018-12713 Note that Nessus has not tested for th...
RHEL 7 : gimp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c CVE-2017-17789...
PT-2023-14046 · Oro · Oroplatform
Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.0.9. Description: Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the...
SUSE CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...
Babiloo has an unspecified vulnerability
Babiloo is a suite of open source software for reading offline dictionaries. A security vulnerability exists in version 2.0.9 prior to Babiloo 2.0.11. It stems from the program creating a temporary file whose name is easily guessed, and can be exploited by a local attacker to...
DEBIAN-CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
Fedora Core 3 : texinfo-4.8-2.2 (2005-990)
This package fixes a temporary file name vulnerability in the texindex program CVE-2005-3011. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Mozilla < 0.9 Predictable Temporary File Name File Deletion (deprecated)