
42 matches found

SUSE CVE
added 2026/05/09 2:43 a.m., 10 views

SUSE CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory, for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

CVSS 5.3 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 14
Snyk
added 2026/04/01 9:6 p.m., 2 views

Access Control Bypass

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Access Control Bypass due to a PHP operator precedence issue in the CLI access guard of the install/deleteSystemdPrivate.php script. An attacker can cause deletion...

CVSS 7.3 | AI score 5.8 | EPSS 0.00341
Exploits: 1 | References: 2
SUSE CVE
added 2026/03/25 12:24 a.m., 2 views

SUSE CVE-2026-31886

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

CVSS 9.1 | AI score 6.1 | EPSS 0.00421
Exploits: 1 | References: 3
Cvelist
added 2026/03/13 7:32 p.m., 22 views

CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

CVSS 9.1 | EPSS 0.00421
Exploits: 1 | References: 2
OSV
added 2026/03/13 7:32 p.m., 4 views

CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

CVSS 9.1 | AI score 6 | EPSS 0.00421
Exploits: 1 | References: 4
RedhatCVE
added 2026/01/09 10:43 a.m., 3 views

CVE-2022-26850

When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the...

CVSS 4.3 | AI score 6.8 | EPSS 0.01393
Exploits: 0 | References: 1
CNNVD
added 2025/10/23 12:0 a.m., 1 views

Oxford Nanopore Technologies MinKNOW Security Vulnerability

Oxford Nanopore Technologies MinKNOW is a data acquisition control and monitoring software from Oxford Nanopore Technologies, UK. A security vulnerability exists in Oxford Nanopore Technologies MinKNOW versions prior to 24.11, which stems from an authentication token stored in the system temporar...

CVSS 7.8 | AI score 6.6 | EPSS 0.00142
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/22 6:20 p.m., 8 views

CVE-2021-22572

On Unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world-readable permissions. Any sensitive information written to these files is visible to all other loc...

CVSS 5.5 | AI score 6.3 | EPSS 0.00128
Exploits: 0 | References: 1
OSV
added 2025/02/27 7:8 a.m., 14 views

BIT-GRADLE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVSS 8.8 | AI score 8.5 | EPSS 0.00224
Exploits: 0 | References: 9
Cvelist
added 2025/02/25 8:13 p.m., 21 views

CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVSS 8.8 | EPSS 0.00224
Exploits: 0 | References: 8
CVE
added 2025/02/25 8:13 p.m., 97 views

CVE-2025-27148

CVE-2025-27148 affects Gradle’s native-platform library used by Gradle builds. Vulnerability arises when Native.get(Class) is called without prior Native.init(File) and a non-null working path is supplied, causing initialization to occur in the system temporary directory on Unix-like systems. Ver...

CVSS 8.8 | AI score 8.6 | EPSS 0.00224
Exploits: 0 | References: 8
Vulnrichment
added 2025/02/25 8:13 p.m., 14 views

CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVSS 8.8 | AI score 6.9 | EPSS 0.00224
Exploits: 0 | References: 8
Tenable Nessus
added 2024/04/08 12:0 a.m., 18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle, gradle-bootstrap (SUSE-SU-2024:1119-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1119-1 advisory. - The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for...

CVSS 9.8 | AI score 7.2 | EPSS 0.02925
Exploits: 2 | References: 7
AlpineLinux
added 2023/09/20 5:15 p.m., 26 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

CVSS 8.1 | AI score 6.9 | EPSS 0.008
Exploits: 0
OSV
added 2023/09/20 5:15 p.m., 36 views

CVE-2023-43496

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file...

CVSS 8.8 | AI score 7.8
Exploits: 0 | References: 2
OSV
added 2023/09/20 5:15 p.m., 27 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

CVSS 8.1 | AI score 7
Exploits: 0 | References: 2
NVD
added 2023/09/20 5:15 p.m., 16 views

CVE-2023-43498

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

CVSS 8.1 | AI score 8.8 | EPSS 0.008
Exploits: 0 | References: 2
Prion
added 2023/09/20 5:15 p.m., 23 views

Design/Logic Flaw

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

CVSS 5.5 | AI score 7.8 | EPSS 0.008
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/09/20 4:6 p.m., 15 views

CVE-2023-43498

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

AI score 6.6 | EPSS 0.008
Exploits: 0 | References: 2
Vulnrichment
added 2023/09/20 4:6 p.m., 8 views

CVE-2023-43496

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file...

AI score 8.9 | EPSS 0.00944
Exploits: 0 | References: 2