Lucene search
K

199 matches found

Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:38 p.m.7 views

OPENSUSE-SU-2026:20926-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.3AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 4:27 p.m.5 views

SUSE-SU-2026:22091-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.2AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 4:27 p.m.6 views

SUSE-SU-2026:22055-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.3AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 5:44 a.m.6 views

BIT-GOLANG-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 8:16 p.m.27 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS0.00179EPSS
Exploits0References4
CVE
CVE
added 2026/05/07 7:41 p.m.38 views

CVE-2026-39819

CVE-2026-39819 concerns the Go tool (go bug). The vulnerability arises when the command writes to two files with predictable names in the system temporary directory (e.g., /tmp). An attacker with access to the temporary directory can create a symlink in one of these names, causing the go bug proc...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.9 views

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.8AI score0.00179EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : python-requests (SUSE-SU-2026:1644-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1644-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses targ...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References4
OSV
OSV
added 2026/04/28 6:3 p.m.4 views

SUSE-SU-2026:1647-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS4.5AI score0.00182EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/04/28 1:31 p.m.8 views

Security update for python-requests

This update for python-requests fixes the following issues: CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589. Patch Instructions: To install this SUSE update use the SUSE...

6.8CVSS4.5AI score0.00182EPSS
Exploits0References4
OSV
OSV
added 2026/04/28 1:31 p.m.4 views

SUSE-SU-2026:1644-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS4.5AI score0.00182EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.81 views

📄 Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Pachno version 1.0.6 uses the unserialize function on the contents of cache files stored under PACHNOPATH/cache/ during the framework bootstrap sequence, before any authentication, routing, or controller logic is executed. Cache files are created with world-writable permissions chmod 0666 and use...

6.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.3 views

SUSE SLES12 Security Update : python-requests (SUSE-SU-2026:1218-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1218-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already...

5.5CVSS6.2AI score0.00182EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/08 2:39 p.m.5 views

Security update for python-requests

This update for python-requests fixes the following issues: CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589. Patch Instructions: To install this SUSE update use the SUSE...

6.8CVSS5.9AI score0.00182EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 2:39 p.m.6 views

SUSE-SU-2026:1218-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 2:30 p.m.5 views

SUSE-SU-2026:21036-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 2:11 p.m.3 views

SUSE-SU-2026:21063-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/07 3:30 a.m.3 views

EUVD-2025-209253

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack...

6.2CVSS6AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 6:31 a.m.7 views

EUVD-2026-17816

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References2
Rows per page
Query Builder