Lucene search
K

23 matches found

OSV
OSV
added yesterday4 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.56 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43311

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References6
OSV
OSV
added 2026/05/26 12:0 a.m.2 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.5CVSS6AI score0.00127EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.10 views

Amazon Linux 2023 : socat (ALAS2023-2026-1701)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1701 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...

9.8CVSS6.8AI score0.008EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31584

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00132EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 a.m.8 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5CVSS7AI score0.01702EPSS
Exploits0References1
OSV
OSV
added 2024/12/04 5:15 a.m.3 views

DEBIAN-CVE-2024-54661

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file...

9.8CVSS6.8AI score0.008EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/13 2:15 p.m.18 views

CVE-2024-49506 Fixed temporary file path in aeon-checks allows fixing of disk encryption key

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...

7.3CVSS0.00098EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 2:15 p.m.49 views

CVE-2024-49506

CVE-2024-49506 corresponds to an insecure temporary-file creation in aeon-checks/openSUSE-related tooling. The vulnerability allows a local attacker on systems with non-default configurations to cause a denial of service or set the filesystem encryption key. Several connected sources reference ae...

7.3CVSS6.3AI score0.00098EPSS
Exploits0References1
Snyk
Snyk
added 2024/10/25 2:43 a.m.2 views

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated mktemp function, there is a risk of race conditions. This occurs because the function generates a temporary file name without ensuring exclusive access, allowing an opportunity f...

4.5CVSS7AI score0.00274EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.5 views

SUSE CVE-2011-3616

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf...

6.3CVSS6.7AI score0.00424EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.7 views

SUSE CVE-2013-0180

Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds...

5.5CVSS5.5AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.4 views

SUSE CVE-2014-2312

The main function in androidmain.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid...

6.6CVSS5.4AI score0.00358EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2022/04/08 12:0 a.m.8 views

Insecure temporary file usage in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

9.1CVSS7.2AI score0.01737EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2019/11/01 7:15 p.m.12 views

UBUNTU-CVE-2013-0178

Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm...

5.5CVSS6AI score0.00415EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2018/11/06 11:52 a.m.23 views

CVE-2018-19789: Temporary uploaded file path disclosure

More info at https://symfony.com/cve-2018-19789...

5.3CVSS7.2AI score0.03589EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/10/17 2:29 p.m.4 views

CVE-2018-10824

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0...

9.8CVSS5.8AI score0.12479EPSS
Exploits7References2
CNVD
CNVD
added 2018/10/17 12:0 a.m.8 views

D-Link Router Password Plaintext Storage Vulnerability

The DWR-116, DIR-140, and DIR-640 are all D-Link router products. A password plaintext storage vulnerability exists in several series of D-Link routers, which stems from the administrative password being stored in plaintext in the /tmp/XXX /0 file. An attacker with directory traversal or LFI can...

9.8CVSS7.8AI score0.12479EPSS
Exploits7References1
OSV
OSV
added 2018/09/19 3:29 p.m.6 views

CVE-2018-1150

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...

7.3CVSS5.8AI score0.0188EPSS
Exploits1References3
Rows per page
Query Builder