2 matches found
CVE-2026-44705
The CVE-2026-44705 entry concerns the tmp npm package (Node.js temporary file/directory creator). Prior to version 0.2.6, it is vulnerable to a path traversal flaw when user-controlled data is passed to the prefix, postfix, or dir options, allowing escaping the intended temporary base directory a...
CVE-2025-54798
CVE-2025-54798 concerns the tmp package for Node.js. In versions 0.2.3 and earlier, it is vulnerable to arbitrary temporary file and directory writes via the symbolic link dir parameter. The issue is fixed in version 0.2.4; users should upgrade to 0.2.4 or later to mitigate. The connected IBM bul...