75 matches found
CVE-2026-41433
OpenTelemetry eBPF Instrumentation (OpenTelemetry OBI) has a local impact flaw in the Java agent injection path for versions 0.4.0–0.7.x (before 0.8.0). A compromised Java workload can cause arbitrary host file overwrites when Java injection is enabled and OBI runs with elevated privileges. The r...
CVE-2026-41433 OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is...
uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...
CVE-2026-35342
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...
Linux Distros Unpatched Vulnerability : CVE-2026-35342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is...
OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
Summary: A flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated privileges. The injector trusted TMPDIR from the target process and used unsafe file creation...
GHSA-GC5V-M9X4-R6X2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Impact: The requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...
GHSA-6W46-J5RX-G56G pytest has vulnerable tmpdir handling
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges...
EUVD-2018-18658
Malware in sbrugna...
EUVD-2021-0931
Malware in sbrugna...
EUVD-2004-1441
Malware in sbrugna...
EUVD-2022-26457
Malicious code in bioql PyPI...
EUVD-2023-33034
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-29465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of ...
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Summary: tmp@0.2.3 is vulnerable to an Arbitrary temporary file / directory write via symbolic link dir parameter. Details: According to the documentation there are some conditions that must be held: // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1#L41-L50 Other breaking changes,...
CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...
Linux Distros Unpatched Vulnerability : CVE-2018-6914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before...
BIT-RUBY-MIN-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...
BIT-RUBY-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...
PT-2023-8997 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS 2.414.1 and earlier Description: The issue is related to the processing of file uploads using the Stapler web framework, which creates temporary files in the default system temporary directory with the...