1396 matches found
CVE-2026-8859
Langflow OSS (versions 1.0.0–1.10.0) contains a path traversal vulnerability in the APIRequest component when the Save to File feature is enabled. Filenames parsed from HTTP Content-Disposition headers are not sanitized, allowing an attacker-controlled server to craft paths (e.g., ../) and writ...
CVE-2026-14503
The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...
CVE-2026-36669
An unauthenticated arbitrary file upload vulnerability in ckuploadhandler.php in Feng Office 3.11.13.11 allows remote attackers to upload malicious files such as .html to the web-accessible /tmp/ directory...
CVE-2026-45534
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...
CVE-2026-45534 DataEase: RCE Vulnerability
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...
CVE-2026-58661
n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...
CVE-2026-58661
n8n is affected: older releases (before 2.28.0 and, on the 1.x branch, before 1.123.58) contain a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota does not account for files already written to the shared temporary directory, allowing an authenticat...
CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint
n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...
CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint
n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...
CVE-2026-0282
CVE-2026-0282 describes a file deletion vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. Affected are PAN-OS on PA-Series and VM-Series firewalls and Panorama (virtual...
CVE-2026-0282
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...
CVE-2026-12479
A flaw was found in Keras, specifically in the model saving and loading library. This path traversal vulnerability occurs due to improper handling of user-provided layer names, which allows an attacker to craft a malicious Keras model. When this model is saved or loaded, it can escape its intende...
EUVD-2026-24971
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp...
PT-2026-56055
Name of the Vulnerable Software and Affected Versions linuxfabrik-monitoring-plugins affected versions not specified Description SQLite databases are created using predictable static paths in /tmp, allowing any user to create a symlink at these locations pointing to arbitrary files. When monitori...
DRUPAL-CONTRIB-2026-065
The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat. These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting XSS...
Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065
The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat. These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting XSS...
CVE-2026-13165
SzafirHost is affected by a remote code execution vulnerability (CVE-2026-13165) in the way it validates versus extracts native libraries from archives. The application verifies the downloaded native library archive using JarFile (Central Directory) but extracts libraries with JarInputStream (seq...
PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...
CVE-2025-11919
The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...
EUVD-2025-210362
The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...