Lucene search
K

3890 matches found

NCSC
NCSC
added yesterday6 views

Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks has identified several vulnerabilities in the PAN-OS software, particularly in PA-Series and VM-Series firewalls, as well as the Panorama management platform. These vulnerabilities affect various components of PAN-OS. - There are several XSS vulnerabilities in the User-ID...

9.9CVSS7.1AI score0.01172EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS0.00094EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
CVE
CVE
added 4 days ago8 views

CVE-2026-56814

Summary: CVE-2026-56814 affects Plug:Multipart in Elixir’s Plug.Parsers.MULTIPART, where the :length budget is applied only to part body bytes. Part headers are not counted, so requests with many empty-body file parts can slip under the length limit and create a temporary file per part, triggerin...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
NVD
NVD
added 5 days ago8 views

CVE-2026-0282

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS0.00357EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42508

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

7.5CVSS6AI score0.00256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56911

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description An issue in the management web interface of PAN-OS software, affecting PA-Series and VM-Series firewalls as well as Panorama virtual and M-Series, allows an unauthenticated attacker with netwo...

6.9CVSS6.6AI score0.00357EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 8:32 p.m.4 views

GHSA-RXRH-4J9H-XGG9 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Summary When MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors library writes those credentials to temporary files in Path.GetTempPath using File.CreateText. On Linux, File.CreateText creates files with mode 0644 world-readable under the process...

4.7CVSS5.8AI score0.00065EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-645 instack-undercloud vulnerable to symlink attack on tmp files

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

6.4CVSS6.6AI score0.00347EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.6 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5CVSS6.5AI score0.01941EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.6 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5CVSS6.5AI score0.01941EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.6CVSS7AI score0.0217EPSS
Exploits1References10
OSV
OSV
added 2026/06/26 10:10 p.m.2 views

GHSA-5G9F-CWWG-4P8G PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles

Summary AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying that the path is contained within the temporary folder. Any code holding a reference to a generato...

3CVSS6AI score0.00112EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 10:10 p.m.11 views

EUVD-2026-38036

PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles...

3CVSS5.9AI score0.00112EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 4:16 p.m.12 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:41 p.m.36 views

CVE-2026-48500 Filament: Unauthenticated temporary file upload on auth pages

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...

6.5CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2026-49358

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying...

3CVSS0.00112EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 2:52 p.m.33 views

CVE-2026-49358 PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying...

3CVSS0.00112EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50925

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The AbstractGenerator::$temporaryFiles public array allows any code with a reference to a generator instance to...

3CVSS6.1AI score0.00112EPSS
Exploits0References10
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2025-32437

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, MediaDurationBlock will download and store the video in a temporary directory without deleting before all noded are done. StepThroughItemsBlock can be used t...

8.7CVSS0.00276EPSS
Exploits0References1
Rows per page
Query Builder