CVEs classified under CWE-378, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2024-39872 — CVSS 9.6 (critical): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly…
CVE-2025-32438 — CVSS 8.8 (high): make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With…
CVE-2025-27148 — CVSS 8.8 (high): Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system…
CVE-2021-29428 — CVSS 8.8 (high): In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple…
CVE-2026-33572 — CVSS 8.4 (high): OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read…
CVE-2026-4137 — CVSS 7.8 (high): In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary…
CVE-2025-38747 — CVSS 7.8 (high): Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A…
CVE-2024-7358 — CVSS 7.8 (high): A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this…
CVE-2024-42052 — CVSS 7.8 (high): The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A…
CVE-2021-25314 — CVSS 7.8 (high): A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux…
CVE-2025-46685 — CVSS 7.5 (high): Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A…
CVE-2025-4953 — CVSS 7.4 (high): A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not…
CVE-2025-7647 — CVSS 7.3 (high): The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable…
CVE-2020-27216 — CVSS 7.0 (high): In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like…
CVE-2025-46684 — CVSS 6.6 (medium): Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A…
CVE-2025-55629 — CVSS 6.5 (medium): Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allow attackers to…
CVE-2024-23454 — CVSS 6.2 (medium): Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file…
CVE-2021-25654 — CVSS 6.2 (medium): An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute…
CVE-2023-26603 — CVSS 5.9 (medium): JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to…
CVE-2023-0482 — CVSS 5.5 (medium): In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates…
CVE-2021-21363 — CVSS 5.3 (medium): swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs…
CVE-2023-28600 — CVSS 5.2 (medium): Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom…
CVE-2026-2817 — CVSS 4.4 (medium): Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system…
CVE-2023-27408 — CVSS 3.3 (low): A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of…
CVE-2021-21331 — CVSS 3.0 (low): The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via…
CVE-2024-47884: foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read…