CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

Exploit for CVE-2025-5880

CVE-2025-5880 — Whistle 2.9.98 Path Traversal PoC !Python...

CVE-2025-7039

CVE-2025-7039 is a glib2.0 vulnerability describing an integer overflow during temporary file creation that enables out-of-bounds memory access. This can allow a local attacker to manipulate file paths and access data by creating symbolic links, effectively enabling path traversal or access to pr...

CVE-2025-5880

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...

CVE-2025-5880 Whistle get-temp-file path traversal

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...

CVE-2025-5880

CVE-2025-5880 affects Whistle 2.9.98. A path traversal flaw is triggered by manipulating the filename argument in /cgi-bin/sessions/get-temp-file. Exploit publicly disclosed; vendor unresponsive per sources. Practical mitigation from PT-2025-24440 suggests restricting access to the endpoint and a...

whistle 路径遍历漏洞

whistle is a Node-based implementation of a cross-platform packet-catching debugging tool by avenwu's individual developers. A path traversal vulnerability exists in whistle version 2.9.98 due to a path traversal error in the parameter filename in the file /cgi-bin/sessions/get-temp-file...