181 matches found
CVE-2025-12648
CVE-2025-12648 (WP-Members Membership Plugin) is a disclosed vulnerability where unauthenticated actors can access user-uploaded documents via direct URLs due to files being stored in predictable directories (wp-content/uploads/wpmembers/user_files//) with only basic directory protections (e.g., ...
CVE-2025-14612
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
CVE-2025-14612 Quartus Prime Pro Edition Advisory
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
CVE-2025-14612 Quartus Prime Pro Edition Advisory
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
EUVD-2001-1363
Malware in sbrugna...
EUVD-2008-5337
Malware in sbrugna...
EUVD-2005-0712
Malware in sbrugna...
EUVD-2000-1081
Malware in sbrugna...
EUVD-2024-52812
Malicious code in bioql PyPI...
EUVD-2025-31584
Malicious code in bioql PyPI...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
CVE-2025-48869
Horilla is a free and open source Human Resource Management System HRMS. Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
socat: arbitrary file overwrite via predictable /tmp directory
A flaw was found in the readline.sh script of Socat through version 1.8.0.1. This vulnerability can allow attackers to exploit improper use of a predictable temporary file...
CVE-2015-0849
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability...
CVE-2010-2449
Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...
CVE-2024-9311
A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...
ROS-20250307-01
A vulnerability in the readline.sh component of the socket forwarding utility from the host machine is related to the use of a predictable temporary file name in readline.sh. the use of a predictable temporary file name in readline.sh. Exploitation of the vulnerability could allow an attacker...