Lucene search
+L

44 matches found

cvelist
cvelist
added yesterday24 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS
Exploits0References4
cve
cve
added yesterday7 views

CVE-2026-62294

Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...

5.1CVSS6.1AI score
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

7.8CVSS5.5AI score0.00108EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/26 12:0 a.m.10 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.9AI score0.00127EPSS
Exploits0References4
euvd
euvd
added 2026/05/26 12:0 a.m.12 views

EUVD-2026-31899

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References4
cve
cve
added 2026/05/26 12:0 a.m.24 views

CVE-2026-48693

CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References4Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Audacity

In Audacity version 2.3.3, temporary files are saved to the /var/tmp/audacity-$USER directory by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary .au audio files located there...

3.3CVSS4.7AI score0.00469EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/12 7:12 p.m.10 views

CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References2
cve
cve
added 2026/05/12 7:12 p.m.85 views

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol (OTLP exporter) Vulnerability: from 1.8.0 through 1.15.2, when OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk is used without OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH, the retry storage root is resolved with Path.GetTempPath(). The exporter st...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/12 7:12 p.m.10 views

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/05/12 7:12 p.m.42 views

CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

6.5CVSS0.00108EPSS
Exploits0References2
osv
osv
added 2026/04/30 6:34 p.m.24 views

GHSA-4625-4J76-FWW9 OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Summary The OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but OTELDOTNETEXPERIMENTALOTLPDISKRETRYDIRECTORYPATH was not configured. The exporter stored and loaded .blob files under...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References5
github
github
added 2026/04/30 6:34 p.m.136 views

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Summary The OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but OTELDOTNETEXPERIMENTALOTLPDISKRETRYDIRECTORYPATH was not configured. The exporter stored and loaded .blob files under...

7.8CVSS5.4AI score0.00108EPSS
Exploits0References5Affected Software1
github
github
added 2026/04/06 11:9 p.m.10 views

PraisonAI recipe registry publish path traversal allows out-of-root file write

Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

7.1CVSS6.1AI score0.00334EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2026/04/06 12:0 a.m.4 views

PT-2026-30767

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI's recipe registry publish endpoint is susceptible to a path traversal issue. Prior to version 1.5.113, the endpoint writes uploaded recipe bundles to a filesystem path derived from the...

7.1CVSS6.1AI score0.00334EPSS
Exploits1References12
vulnrichment
vulnrichment
added 2026/03/23 8:25 p.m.3 views

CVE-2026-23482 Blinko: Unauthorized Arbitrary File Read - /api/file/temp

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References3
euvd
euvd
added 2026/03/23 8:25 p.m.10 views

EUVD-2026-14533

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References3
cve
cve
added 2026/03/23 8:25 p.m.27 views

CVE-2026-23482

Blinko (AI-powered card note-taking project) before version 1.8.4 exposes a file server endpoint that does not enforce permission checks on the temp/ path and does not filter path traversal sequences. This allows unauthenticated attackers to read arbitrary files on the server. When scheduled back...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/03/19 10:7 p.m.3 views

CVE-2026-32026 OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...

7.1CVSS5.9AI score0.00344EPSS
Exploits0References5
osv
osv
added 2026/03/03 6:11 p.m.14 views

GHSA-33HM-CQ8R-WC49 Temporary path handling could write outside OpenClaw temp boundary

Summary Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. Affected Packages / Versions - Package: openclaw npm - Latest published version verified during triage: 2026.2.23 - Affected versions: = 2026.2.24 Detail...

6.5CVSS6AI score0.00344EPSS
Exploits0References7
Rows per page
Query Builder