PT-2026-27191

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the...

CVE-2025-14267 Unintended temporary cached data included in a structure only copy intended to be empty of data

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7...

EUVD-2000-0057

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-5459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PEARREST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a 1 rest.cachefile or 2...

CVE-2024-57941 netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the non-cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled e.g. due to a DIO write on that file, future copying to the cache for that file is disabled until al...

WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later. PoC The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache...

polkit: Temporary auth hijacking via PID reuse and non-atomic fork

A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges...

UBUNTU-CVE-2014-5459

The PEARREST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a 1 rest.cachefile or 2 rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions...

USN-2301-1: Jinja2 vulnerabilities

It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges...

CVE-2003-0887

The CVE-2003-0887 entry concerns ez-ipupdate (versions 3.0.11b7 and earlier) that creates insecure temporary cache files, enabling a local user to perform unauthorized operations via a symlink attack on the ez-ipupdate.cache file. The linked SUSE/other entries reiterate the same flaw without prov...