Lucene search
K

181 matches found

CVE
CVE
added 2026/01/07 2:21 a.m.15 views

CVE-2025-12648

CVE-2025-12648 (WP-Members Membership Plugin) is a disclosed vulnerability where unauthenticated actors can access user-uploaded documents via direct URLs due to files being stored in predictable directories (wp-content/uploads/wpmembers/user_files//) with only basic directory protections (e.g., ...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References4
NVD
NVD
added 2026/01/07 2:3 a.m.9 views

CVE-2025-14612

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

6.7CVSS0.00092EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/06 9:24 p.m.3 views

CVE-2025-14612 Quartus Prime Pro Edition Advisory

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

6.7CVSS6.6AI score0.00092EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/06 9:24 p.m.33 views

CVE-2025-14612 Quartus Prime Pro Edition Advisory

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

6.7CVSS0.00092EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 5:16 a.m.5 views

CVE-2025-11379

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

5.3CVSS0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/04 4:29 a.m.3 views

CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00271EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2001-1363

Malware in sbrugna...

6.2CVSS6.4AI score0.00322EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-5337

Malware in sbrugna...

6.4CVSS7.4AI score0.03478EPSS
Exploits1References47
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-0712

Malware in sbrugna...

2.1CVSS6AI score0.01703EPSS
Exploits1References19
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2000-1081

Malware in sbrugna...

3.7CVSS6.4AI score0.00786EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-52812

Malicious code in bioql PyPI...

6.6CVSS6.3AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31584

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00132EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/30 12:45 a.m.8 views

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

6.8CVSS7AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/29 12:0 a.m.9 views

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

6.8CVSS0.00132EPSS
Exploits0References1
NVD
NVD
added 2025/09/24 6:15 p.m.5 views

CVE-2025-48869

Horilla is a free and open source Human Resource Management System HRMS. Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

7.5CVSS0.00407EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/07/07 2:52 a.m.6 views

socat: arbitrary file overwrite via predictable /tmp directory

A flaw was found in the readline.sh script of Socat through version 1.8.0.1. This vulnerability can allow attackers to exploit improper use of a predictable temporary file...

9.8CVSS6.8AI score0.008EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/06/26 9:15 p.m.19 views

CVE-2015-0849

pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability...

3.9CVSS5.3AI score0.0011EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 a.m.8 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5CVSS7AI score0.01702EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-9311

A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...

6.1CVSS6AI score0.00199EPSS
Exploits1References1
Redos
Redos
added 2025/03/07 12:0 a.m.81 views

ROS-20250307-01

A vulnerability in the readline.sh component of the socket forwarding utility from the host machine is related to the use of a predictable temporary file name in readline.sh. the use of a predictable temporary file name in readline.sh. Exploitation of the vulnerability could allow an attacker...

9.8CVSS7.2AI score0.008EPSS
Exploits0
Rows per page
Query Builder