Lucene search
+L

1391 matches found

nvd
nvd
added 6 days ago7 views

CVE-2026-58661

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS0.00225EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago29 views

CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS0.00225EPSS
Exploits0References2
cve
cve
added 6 days ago5 views

CVE-2026-58661

n8n is affected: older releases (before 2.28.0 and, on the 1.x branch, before 1.123.58) contain a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota does not account for files already written to the shared temporary directory, allowing an authenticat...

5.3CVSS6.1AI score0.00225EPSS
Exploits0References2Affected Software1
osv
osv
added 6 days ago3 views

CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS6.1AI score0.00225EPSS
Exploits0References4
attackerkb
attackerkb
added last week6 views

CVE-2026-0282

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS6AI score0.00288EPSS
Exploits0References2Affected Software1
cve
cve
added last week16 views

CVE-2026-0282

CVE-2026-0282 describes a file deletion vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. Affected are PAN-OS on PA-Series and VM-Series firewalls and Panorama (virtual...

6.9CVSS6AI score0.00288EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/07/08 7:5 a.m.6 views

CVE-2026-12479

A flaw was found in Keras, specifically in the model saving and loading library. This path traversal vulnerability occurs due to improper handling of user-provided layer names, which allows an attacker to craft a malicious Keras model. When this model is saved or loaded, it can escape its intende...

6.1CVSS6.4AI score0.00263EPSS
Exploits0References4
euvd
euvd
added 2026/07/06 7:50 p.m.8 views

EUVD-2026-24971

mktemp: empty TMPDIR creates temp files in CWD instead of /tmp...

3.3CVSS5.9AI score0.00133EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.8 views

PT-2026-56055

Name of the Vulnerable Software and Affected Versions linuxfabrik-monitoring-plugins affected versions not specified Description SQLite databases are created using predictable static paths in /tmp, allowing any user to create a symlink at these locations pointing to arbitrary files. When monitori...

5.1CVSS6.2AI score
Exploits0References7
osv
osv
added 2026/07/01 5:20 p.m.5 views

DRUPAL-CONTRIB-2026-065

The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat. These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting XSS...

6.1CVSS5.6AI score0.00253EPSS
Exploits0References1
drupal
drupal
added 2026/07/01 12:0 a.m.5 views

Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065

The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat. These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting XSS...

6.1CVSS5.8AI score0.00253EPSS
Exploits0References5
cve
cve
added 2026/06/29 12:16 p.m.19 views

CVE-2026-13165

SzafirHost is affected by a remote code execution vulnerability (CVE-2026-13165) in the way it validates versus extracts native libraries from archives. The application verifies the downloaded native library archive using JarFile (Central Directory) but extracts libraries with JarInputStream (seq...

8.6CVSS6AI score0.00418EPSS
Exploits0References2
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS6AI score0.00401EPSS
Exploits0References7
nvd
nvd
added 2026/06/26 4:16 p.m.12 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS0.004EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/26 3:39 p.m.8 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS6.2AI score0.004EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/26 3:39 p.m.8 views

EUVD-2025-210362

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS6.2AI score0.004EPSS
Exploits0References1
osv
osv
added 2026/06/25 4:53 p.m.3 views

GHSA-4VP2-6Q8C-PVQ2 @anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References2
cve
cve
added 2026/06/24 9:30 p.m.24 views

CVE-2026-53765

CVE-2026-53765 / GHSA-3PVJ-JV98-QHJQ affects chrome-devtools-mcp (Chrome DevTools for agents). The vulnerability occurs when the daemon writes its PID file to a deterministic runtime path under /tmp on POSIX systems (macOS or Linux with XDG_RUNTIME_DIR unset). The code uses fs.writeFileSync() wit...

6.1CVSS5.9AI score0.00077EPSS
Exploits1References1Affected Software1
attackerkb
attackerkb
added 2026/06/23 7:25 p.m.31 views

CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

7.3CVSS5.9AI score0.00115EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2026/06/23 7:25 p.m.37 views

CVE-2026-54328 Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

7.3CVSS0.00115EPSS
Exploits0References5
Rows per page
Query Builder