22 matches found
EUVD-2025-208272
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
Exploit for CVE-2025-70342
CVE-2025-70342: Credential Interception via Named Pipe in eras...
Malicious code in magichat (PyPI)
Source: kam193 (b999f3f5762dc9bcb0dc2e91ef10116a368aca535d2f07fa2519e8d64bbc0902). The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
EUVD-2025-31429
Malicious code in bioql PyPI...
EUVD-2024-48259
Malicious code in bioql PyPI...
CVE-2025-7647 Insecure Temporary File Handling in run-llama/llama_index
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
CVE-2025-7647
CVE-2025-7647 affects llama-index-core up to version 0.12.44, with a vulnerability in get_cache_dir() that uses a predictable, hardcoded directory path (/tmp/llama_index) on Linux. On multi-user Linux systems, this insecure temporary directory can enable local attackers to steal proprietary model...
VulnCheck KEV: CVE-2024-7344
Howyar UEFI Application "Reloader" 32-bit and 64-bit is vulnerable to execution of unsigned software in a hardcoded path...
CVE-2024-7344
Howyar UEFI Application "Reloader" 32-bit and 64-bit is vulnerable to execution of unsigned software in a hardcoded path...
CVE-2024-7344 Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
Howyar UEFI Application "Reloader" 32-bit and 64-bit is vulnerable to execution of unsigned software in a hardcoded path...
CVE-2020-15731
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448...
CVE-2020-1984 Secdo: Privilege escalation via hardcoded script path
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...
Secdo: Privilege escalation via hardcoded script path
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...
CVE-2018-7441
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...