CVE-2012-2666 — CVSS 9.8 (critical): golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with…
CVE-2015-5224 — CVSS 9.8 (critical): The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly…
CVE-2025-14307 — CVSS 8.1 (high): An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile…
CVE-2023-43498 — CVSS 8.1 (high): In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the…
CVE-2025-46369 — CVSS 7.8 (high): Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged…
CVE-2025-7707 — CVSS 7.8 (high): The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable…
CVE-2018-6705 — CVSS 7.8 (high): Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform…
CVE-2018-6704 — CVSS 7.8 (high): Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform…
CVE-2025-67223 — CVSS 7.5 (high): The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable…
CVE-2026-20649 — CVSS 7.5 (high): A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3…
CVE-2018-6706 — CVSS 7.5 (high): Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to…
CVE-2024-49506: Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the…
CVE-2021-20202 — CVSS 7.3 (high): A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider…
CVE-2020-8027 — CVSS 7.3 (high): A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15…
CVE-2026-49134 — CVSS 7.1 (high): CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute…
CVE-2026-20204 — CVSS 7.1 (high): In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5…
CVE-2026-40973 — CVSS 7.0 (high): A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When…
CVE-2026-4822 — CVSS 7.0 (high): A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file…
CVE-2026-25701: An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects…
CVE-2025-61659 — CVSS 6.8 (medium): bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name.
CVE-2024-6654: Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the…
CVE-2025-14614 — CVSS 6.7 (medium): Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer…
CVE-2025-14612 — CVSS 6.7 (medium): Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows : Use of Predictable File Names.This…
CVE-2020-8032 — CVSS 6.7 (medium): A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This…
CVE-2025-46368 — CVSS 6.6 (medium): Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged…
CVE-2022-26386 — CVSS 6.5 (medium): Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior…
CVE-2017-20147 — CVSS 6.5 (medium): In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping…
CVE-2017-7549 — CVSS 6.4 (medium): A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack…
CVE-2026-20651 — CVSS 6.2 (medium): A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4…
CVE-2026-40979 — CVSS 6.1 (medium): In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0…
CVE-2026-20618 — CVSS 5.5 (medium): An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access…
CVE-2024-23287 — CVSS 5.5 (medium): A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma…
CVE-2026-41001 — CVSS 5.3 (medium): Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when…
CVE-2024-34490 — CVSS 5.1 (medium): In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be…
CVE-2022-21945 — CVSS 5.1 (medium): A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for…
CVE-2021-46705 — CVSS 5.1 (medium): A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local…
CVE-2026-41991 — CVSS 4.7 (medium): GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not…
CVE-2025-9474 — CVSS 4.5 (medium): A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file…
CVE-2024-10372 — CVSS 4.5 (medium): A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of…
CVE-2026-25645 — CVSS 4.4 (medium): Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable…
CVE-2020-1994 — CVSS 4.1 (medium): A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files…
CVE-2021-29429 — CVSS 4.0 (medium): In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access…
CVE-2015-0849 — CVSS 3.9 (low): pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
CVE-2020-1740 — CVSS 3.9 (low): A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another…
CVE-2020-8030 — CVSS 3.6 (low): A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the…
CVE-2026-35342 — CVSS 3.3 (low): The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back…
CVE-2021-25316 — CVSS 3.3 (low): A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows…