Linux Distros Unpatched Vulnerability : CVE-2026-25645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files fr...

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

EUVD-2020-12771

Malware in sbrugna...

EUVD-2005-0579

Malware in sbrugna...

Informative git prompt for bash and fish 安全漏洞

Informative git prompt for bash and fish is a bash prompt for Git users from the personal developer Martin Gondermann. A security vulnerability exists in Informative git prompt for bash and fish 2.7.1 and prior versions, which stems from a predictable filename in /tmp/git-index-private$$ that cou...

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

CVE-2024-51553 Predictable Filename

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

PT-2025-22539 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator...

PT-2025-22548 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator...

YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

Summary The request to commence a site backup can be performed without authentication. Then these backups can also be downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create an archive and then download the archive without being...

GHSA-WC9G-6J9W-HR95 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

Summary The request to commence a site backup can be performed without authentication. Then these backups can also be downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create an archive and then download the archive without being...

Attached files under salaries module can be harvested by unauthenticated users

Description File attachment under salaries module can be downloaded and viewed by anyone without authentication by just knowing the full path /assets/FileUploads/2022/staff2/ and the predictable filename contains date YYYY-MM-DD and a random 6 digit number which can be easily enumerated by...

SUSE CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

GHSA-FJ24-GHP9-39V3 Ansible uses a socket with predictable filename in /tmp

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

Ansible uses a socket with predictable filename in /tmp

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

CVE-2021-43828 Improper Privilege Management in Patrowl

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...

CVE-2020-1981

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only...

Export Users to CSV < 1.4 - Unauthorised CSV Access

The plugin exports a CSV file containing sensitive user data. The generated files are stored in a public directory with a predictable filename based on a Unix timestamp. CSV files are discoverable either through enumeration or path traversal. Export Users to CSV does not provide visibility over...

CVE-2017-2550

Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename...