20 matches found
CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...
Malicious code in pyclogger (PyPI)
Source: kam193 b43b78466684583bb9a90ced072406566a033523e3b0d2b9032a4dae763ac84c. Package contains an infostealer exfiltrating Discord tokens and saved browser credentials to a hardcoded location. Category: MALICIOUS - The campaign has...
EUVD-2017-2352
Malware in sbrugna...
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to a LaTeX blocklist bypass in the LaTeX processing functionality. The LaTeX module fails to enforce its blocklist properly, allowing specially crafted malicious flashcards to create arbitrary...
SUSE CVE-2024-32152
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...
DEBIAN-CVE-2024-32152
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...
UBUNTU-CVE-2024-32152
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...
CVE-2024-32152
CVE-2024-32152 affects Ankitects Anki 24.04’s LaTeX processing, where a specially crafted flashcard can bypass the blocklist and cause arbitrary file creation at a fixed path. The issue arises from the LaTeX blocklist bypass in the Anki LaTeX module, enabling an attacker to trigger file creation ...
Eternal Terminal Link Following Vulnerability
Eternal Terminal is a remote shell developed by Jason Gauci, an individual developer. A security vulnerability exists in Eternal Terminal version 6.2.1 that stems from the use of fixed paths and can be exploited by an attacker to read sensitive information or modify information...
CVE-2023-23558
CVE-2023-23558: In Eternal Terminal 6.2.1, TelemetryService uses fixed paths under /tmp. An attacker with local access can pre-create /tmp/.sentry-native-etserver (mode 0777) before etserver starts, enabling reading or modification of that file. This leads to potential information disclosure and...
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
PT-2022-16361 · Keylime · Keylime
Name of the Vulnerable Software and Affected Versions: Keylime versions prior to 6.3.0 Description: The issue arises from the Revocation Notifier in Keylime using a fixed /tmp path for a UNIX domain socket. This can be exploited by unprivileged users to prohibit Keylime operations. Recommendation...
Swapper3Crv's swapping path can be suboptimal
Lines of code Vulnerability details Impact Swapper3Crv.swap result can be suboptimal, as only paths through ETH are evaluated. Severity is set to medium: although the function's availability is not affected, some fund loss can result. Proof of Concept tokenAmountOut uses fixed tokenIn, ETH,...
CVE-2019-13228
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker...
Race condition
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker...
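The deepin-clone, Eternal Terminal and Keylime entries above are all instances of one bug class: a privileged or long-running process uses a fixed, guessable name under a world-writable directory, so any local user can plant a symlink, file or socket at that name first. The script below is an added example, not code from any of those projects or advisories; it stages the attack in a scratch directory that stands in for /tmp (so it runs unprivileged and offline on a POSIX system), shows the write being steered through a pre-planted symlink, and then shows the two usual fixes: O_CREAT|O_EXCL (plus O_NOFOLLOW where available), and a private mkdtemp directory that no other user can write into. The file names repo.iso and victim.conf are illustrative only.

```python
# Added example, not code from deepin-clone, Eternal Terminal, Keylime or any
# advisory above. It reproduces the generic bug class those entries share (a
# fixed name under a world-writable directory) in a scratch directory that
# stands in for /tmp, then shows the two usual fixes. File names are
# illustrative: repo.iso echoes the deepin-clone entry, victim.conf is made up.
import os
import stat
import tempfile


def write_fixed_path(path: str, data: bytes) -> None:
    """Vulnerable pattern: open() a predictable path with O_CREAT|O_TRUNC.
    If a local attacker pre-planted a symlink at that path, the kernel
    follows it and the write lands on the attacker's chosen target."""
    with open(path, "wb") as fh:
        fh.write(data)


def write_exclusive(path: str, data: bytes) -> None:
    """Fix 1: refuse to reuse anything already at the path. With O_CREAT|O_EXCL
    the open fails with EEXIST if the name exists, and POSIX specifies that a
    symlink counts as existing here even when it dangles. O_NOFOLLOW is added
    as belt and braces where the platform has it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def write_in_private_dir(shared_dir: str, name: str, data: bytes) -> str:
    """Fix 2: do not share a namespace with other users at all. mkdtemp creates
    an unpredictably named, mode-0700 directory, so nobody else can plant a
    symlink or socket inside it. The same reasoning favours $XDG_RUNTIME_DIR
    or a mkstemp()'d file over any fixed name directly under /tmp."""
    private_dir = tempfile.mkdtemp(prefix="app-", dir=shared_dir)
    path = os.path.join(private_dir, name)
    write_exclusive(path, data)
    return path


def run_demo() -> dict:
    """Stage the attack and return what each writer did, for inspection."""
    with tempfile.TemporaryDirectory() as shared:      # stands in for /tmp
        victim = os.path.join(shared, "victim.conf")    # constructed target file
        with open(victim, "wb") as fh:
            fh.write(b"original contents")

        # Attacker (any local user): ln -s victim.conf /tmp/repo.iso before the
        # privileged process runs. Only the name has to be guessable.
        planted = os.path.join(shared, "repo.iso")
        os.symlink(victim, planted)

        write_fixed_path(planted, b"attacker-steered contents")
        with open(victim, "rb") as fh:
            victim_after = fh.read()                    # clobbered via symlink

        try:
            write_exclusive(planted, b"payload")
            exclusive_refused = False
        except FileExistsError:                         # EEXIST: symlink present
            exclusive_refused = True
        with open(victim, "rb") as fh:
            victim_after_exclusive = fh.read()          # untouched by the refusal

        safe_path = write_in_private_dir(shared, "repo.iso", b"payload")
        dir_mode = stat.S_IMODE(os.stat(os.path.dirname(safe_path)).st_mode)
        file_mode = stat.S_IMODE(os.stat(safe_path).st_mode)
        with open(safe_path, "rb") as fh:
            private_contents = fh.read()

        return {
            "victim_after_fixed_path": victim_after,
            "exclusive_refused": exclusive_refused,
            "victim_after_exclusive": victim_after_exclusive,
            "private_dir_mode": dir_mode,
            "private_file_mode": file_mode,
            "private_file_contents": private_contents,
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The exclusive-open fix only helps if the program treats EEXIST as a hard failure rather than retrying with O_TRUNC or unlinking the entry first; the private-directory fix is stronger because the attacker never gets to choose a name in the first place, which is also the right answer for the UNIX socket in the Keylime entry.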
Microsoft Windows XP Professional Service Pack 2 & 3 Insecure Library Load
An insecure library loading vulnerability has been identified in Microsoft Windows XP Professional Service Pack 2. The application uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version ...
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows)
The version of QuickTime installed on the remote Windows host is older than 7.6.8. Such versions are reportedly affected by two vulnerabilities : - An input validation issue in the QTPlugin.ocx ActiveX control could allow an attacker to force the application to jump to a location in memory...
Wireshark / Ethereal < 1.2.11 / 1.0.16 Path Subversion Arbitrary DLL Injection Code Execution
The installed version of Wireshark or Ethereal is 1.2.0 - 1.2.10 or 0.8.4 - 1.0.15. Such versions are affected by the following vulnerability : - The application uses a fixed path to look for specific files or libraries, such as for 'airpcap.dll', and this path includes directories that may not b...
Insecure Saving Of Downloadable File In Mozilla Firefox (Linux)
This host is installed with Mozilla Firefox and is prone to insecure saving of downloadable file. OpenVAS Vulnerability Test (secpodfirefoxinsecuresavingdownloadfile.nasl, revision 5055, 2017-01-20). Insecure Saving Of Downloadable File In Mozilla Firefox Linux. Authors: Sharath S...