Lucene search
K

922 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 6:45 p.m.14 views

Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:35 a.m.10 views

CVE-2026-33232

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...

7.5CVSS5.8AI score0.00396EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/19 12:35 a.m.16 views

EUVD-2026-30819

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...

7.5CVSS5.8AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/18 8:26 p.m.33 views

CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS0.00193EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/18 8:26 p.m.11 views

CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00193EPSS
Exploits1References2
CVE
CVE
added 2026/05/18 8:26 p.m.25 views

CVE-2026-4137

CVE-2026-4137 : In mlflow/mlflow before 3.11.0, two temp-dir creation paths expose world/group-writable permissions: get_or_create_nfs_tmp_dir() creates 0o777 and _create_model_downloading_tmp_dir() creates 0o770. This enables local attackers with access to shared NFS mounts (e.g., Databricks) to...

7.8CVSS7.6AI score0.00193EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:26 p.m.11 views

CVE-2026-4137

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00215EPSS
Exploits2References3
EUVD
EUVD
added 2026/05/16 3:26 p.m.11 views

EUVD-2021-34835

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

8.8CVSS6.5AI score0.00315EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.23 views

Golang 1.25.x < 1.25.10 / 1.26.x < 1.26.3 Multiple Vulnerabilities

The version of Golang running on the remote host is 1.25.x prior to 1.25.10, or 1.26.x prior to 1.26.3. It is, therefore, affected by multiple vulnerabilities, including: - The net package's LookupCNAME function could trigger a double-free crash when using the cgo DNS resolver with very long CNAM...

7.5CVSS6AI score0.00813EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.12 views

Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

7CVSS6.1AI score0.00136EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/14 12:32 p.m.10 views

EUVD-2026-30274

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wpdbtempdir parameter, which controls where database backups are written. This makes it possible for...

7.5CVSS5.7AI score0.00488EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/08 10:54 a.m.7 views

CVE-2026-40973

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

7CVSS6.1AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.10 views

PT-2026-39303

Name of the Vulnerable Software and Affected Versions view component versions 3.0.0 through 4.8.9 Description The system test entrypoint canonicalizes a user-controlled file path using File.realpath and verifies if the resolved path starts with the temporary directory path. This containment check...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.35 views

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

0.00179EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.8 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - ant: insecure temporary file CVE-2020-11979 - jenkins: Arbitrary file...

8CVSS6.8AI score0.08235EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

RHCOS 4 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - ant: insecure temporary file CVE-2020-11979 - jenkins: Arbitrary file...

8CVSS6.8AI score0.08235EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-22740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain no...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.10 views

PT-2026-36312

Name of the Vulnerable Software and Affected Versions Temporary Login plugin for WordPress versions prior to 1.0.1 Description An authentication bypass exists due to improper input validation in the maybe login temporary user function. The function fails to verify that the temp-login-token GET...

9.8CVSS5.8AI score0.09246EPSS
Exploits3References19
Snyk
Snyk
added 2026/04/30 6:34 p.m.8 views

Creation of Temporary File in Directory with Insecure Permissions

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the ExperimentalOptions used in handling disk retry storage for telemetry data...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References2
Rows per page
Query Builder