EUVD-2022-55935

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

CVE-2022-50795

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the traceroute.php script, which...

CVE-2022-50791

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

PT-2025-54239

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier Description The software contains a conditional command injection issue. Local authenticated users can create malicious files in the /tmp directory. Unauthenticated attackers can execute...

SOUND4多款产品 操作系统命令注入漏洞

SOUND4 IMPACT and others are products of the French company SOUND4.SOUND4 IMPACT is a professional audio processor for broadcasting.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. An operating system command injection vulnerability exists in several SOUND4...

CVE-2018-25145

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...

Mattermost Desktop App 安全漏洞

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 6.0.0, which stems from the failure to enable the hardened runtime when packaging for the Mac App Store, and could result in inheriting TCC...

CVE-2025-66384

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...

Security Bulletin: Astronomer with IBM is vulnerable to arbitrary writes due to the tmp package (CVE-2025-54798)

Summary Tmp is used by Astronomer with IBM as part of the file processing functionality. Vulnerability Details CVEID:CVE-2025-54798 DESCRIPTION: tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory wri...

VulnCheck KEV: CVE-2024-53375

An Authenticated Remote Code Execution RCE vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmpgetsites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionali...

TencentOS Server 3: insights-client (TSSA-2023:0266)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0266 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation

Overview Wolfram Cloud version 14.2 allows Java Virtual Machine JVM unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988731)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988731 advisory. In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoranreapstatcom On the case...

PT-2025-41937

Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to 3.6.12 Argo Workflows versions 3.7.0 through 3.7.2 Description Argo Workflows, a container-native workflow engine for Kubernetes, contains a Zip Slip path traversal issue during artifact extraction. The...

Malicious Package

Overview tmp-npmsnha is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious code in tmp-npmsnha (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6b7dcde36d84ee5704ed922a7c1b72873a03638a5f31d9e7a57aa2c7c4d2399 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48005 Malicious code in tmp-npmsnha (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6b7dcde36d84ee5704ed922a7c1b72873a03638a5f31d9e7a57aa2c7c4d2399 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2010-2047

Malware in sbrugna...

EUVD-2011-4067

Malware in sbrugna...