8 matches found
SUSE CVE-2026-49982
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....
EUVD-2026-36265
tmp: Type-confusion bypass of assertPath allows path traversal via non-string prefix/postfix/template...
Linux Distros Unpatched Vulnerability : CVE-2026-49982
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of non-string values in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting...
CVE-2026-49982 tmp: Type-confusion bypass of _assertPath in [email protected] allows path traversal via non-string prefix/postfix/template
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....
CVE-2026-49982
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....
EUVD-2026-1160
Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...
EUVD-2024-2720
Malicious code in bioql PyPI...