Lucene search
K

923 matches found

Snyk
Snyk
added 2026/04/30 6:34 p.m.8 views

Creation of Temporary File in Directory with Insecure Permissions

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the ExperimentalOptions used in handling disk retry storage for telemetry data...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/29 12:33 p.m.8 views

Spring Framework DoS with Multipart Temp Files in WebFlux

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/29 12:16 p.m.3 views

DEBIAN-CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 12:16 p.m.7 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS0.00344EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/29 12:16 p.m.6 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/29 10:46 a.m.6 views

EUVD-2026-26205

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.2AI score0.00344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 10:46 a.m.2 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

5.2AI score0.00344EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/29 10:46 a.m.163 views

CVE-2026-22740

The CVE-2026-22740 issue affects Spring Framework WebFlux multipart request handling. The root cause is cleanup of temporary files created for parts larger than 10 KB, which in some cases are not deleted after the request completes, enabling an attacker to exhaust disk space (Denial of Service). ...

6.5CVSS5.2AI score0.00344EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/27 11:29 p.m.34 views

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

7CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 11:29 p.m.143 views

CVE-2026-40973

The CVE-2026-40973 issue affects Spring Boot versions 4.x (4.0.0–4.0.5 with fix in 4.0.6), 3.5.x (3.5.0–3.5.13 with fix 3.5.14), 3.4.x (3.4.0–3.4.15 with fix 3.4.16), 3.3.x (3.3.0–3.3.18 with fix 3.3.19), and 2.7.x (2.7.0–2.7.32 with fix 2.7.33). The vulnerability stems from the ApplicationTemp m...

7CVSS5.5AI score0.00136EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/27 11:29 p.m.9 views

EUVD-2026-25937

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

7CVSS5.5AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/27 11:29 p.m.5 views

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

7CVSS5.5AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 6:16 p.m.7 views

CVE-2026-7144

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00215EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 5:30 p.m.40 views

CVE-2026-7144 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00215EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.9 views

1000 Projects Portfolio Management System MCA 授权问题漏洞

The 1000 Projects Portfolio Management System MCA is an open-source combination management system developed by 1000 Projects. Version 1.0 of the 1000 Projects Portfolio Management System MCA has a vulnerability related to authorization. This vulnerability stems from improper handling of the...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35545

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Spring Boot versions 3.4.0 through 3.4.15 Spring Boot versions 3.3.0 through 3.3.18 Spring Boot versions 2.7.0 through 2.7.32 Spring Boot versions prior to 2.7....

7CVSS5.5AI score0.00136EPSS
Exploits0References11
OSV
OSV
added 2026/04/24 10:16 p.m.6 views

DEBIAN-CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

7.8CVSS5.3AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 10:16 p.m.16 views

CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

7.8CVSS0.0021EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/24 9:20 p.m.29 views

CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

7.8CVSS0.0021EPSS
Exploits0References4
CVE
CVE
added 2026/04/24 9:20 p.m.24 views

CVE-2026-42171

NSIS 3.06.1 before 3.12 is affected: it may use the Low IL temp directory when running as SYSTEM, enabling local privilege escalation if my_GetTempFileName returns 0. Root cause is in the temp file handling, with a potential path-based abuse. Impact is local elevation of privileges with HIGH conf...

7.8CVSS5.2AI score0.0021EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder