Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25701 | 2026-06-17 | N/A | N/A | ||
| An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored. * overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak. This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca. | |||||
| CVE-2026-20649 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information. | |||||
| CVE-2026-20618 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | |||||
| CVE-2025-9474 | 2026-06-17 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. | |||||
| CVE-2025-7707 | 1 Llamaindex | 1 Llamaindex | 2026-06-17 | N/A | 7.8 HIGH |
| The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service. | |||||
| CVE-2025-66625 | 1 Umbraco | 1 Umbraco Cms | 2026-06-17 | N/A | 4.9 MEDIUM |
| Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses (HTTP 500 when a file exists, 404 when it does not) allow the attacker to enumerate the existence of arbitrary files on the server’s filesystem. This vulnerability does not allow reading or writing file contents. In certain configurations, incomplete clean-up of temporary upload files may additionally expose the NTLM hash of the Windows account running the Umbraco application. This issue is fixed in version 13.12.1. | |||||
| CVE-2025-61659 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name. | |||||
| CVE-2025-46369 | 1 Dell | 1 Alienware Command Center | 2026-06-17 | N/A | 7.8 HIGH |
| Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation. | |||||
| CVE-2025-46368 | 1 Dell | 1 Alienware Command Center | 2026-06-17 | N/A | 6.6 MEDIUM |
| Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | |||||
| CVE-2025-34194 | 2 Microsoft, Vasion | 3 Windows, Virtual Appliance Application, Virtual Appliance Host | 2026-06-17 | N/A | 7.8 HIGH |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT AUTHORITY\SYSTEM inside a directory under the control of the local user (C:\Users\%USER%\AppData\Local\Temp\). An attacker who can place symbolic links or otherwise influence filenames in that directory can cause the service to follow the link and write to arbitrary filesystem locations as SYSTEM. This allows a local, unprivileged user to overwrite or create files as SYSTEM, leading to local privilege escalation and the ability to modify configuration files, replace or inject binaries, or otherwise compromise confidentiality, integrity, and availability of the system. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced. | |||||
| CVE-2025-14614 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. | |||||
| CVE-2025-14612 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. | |||||
| CVE-2025-14307 | 1 Robocode | 1 Robocode | 2026-06-17 | N/A | 8.1 HIGH |
| An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions. | |||||
| CVE-2024-6654 | 2026-06-17 | N/A | N/A | ||
| Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. | |||||
| CVE-2024-49506 | 2026-06-17 | N/A | N/A | ||
| Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem | |||||
| CVE-2024-34490 | 2026-06-17 | N/A | 5.1 MEDIUM | ||
| In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. | |||||
| CVE-2024-2313 | 2 Bpftrace, Linux | 2 Bpftrace, Linux Kernel | 2026-06-17 | N/A | 2.8 LOW |
| If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. | |||||
| CVE-2024-23287 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data. | |||||
| CVE-2024-22236 | 1 Vmware | 1 Spring Cloud Contract | 2026-06-17 | N/A | 3.3 LOW |
| In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | |||||
| CVE-2024-10372 | 1 Chidiwilliams | 1 Buzz | 2026-06-17 | 3.5 LOW | 4.5 MEDIUM |
| A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||