34 matches found

OSV
added 3 days ago, 4 views

ROOT-APP-NPM-CVE-2026-31802 CVE-2026-31802 in @rootio/tar - Patched by Root

Root has patched CVE-2026-31802 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

5.5 CVSS, 5.8 AI score, 0.00009 EPSS
Exploits: 3

Tenable Nessus
added 4 days ago, 4 views

Atlassian Jira Service Management Data Center and Server 11.3.3 < 11.3.5 (JSDSERVER-16573)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16573 advisory. - File Inclusion vulnerability, allows an unauthenticated attacker to get the application to display t...

8.2 CVSS, 5.9 AI score, 0.00009 EPSS
Exploits: 3, References: 2

Debian
added 2026/04/29 3:9 a.m., 3 views

[SECURITY] [DLA 4552-1] node-tar security update

Debian LTS Advisory DLA-4552-1 [email protected]
https://www.debian.org/lts/security/ Daniel Leidert
April 29, 2026 https://wiki.debian.org/LTS

Package : node-tar
Version : 6.0.5+ds1+cs11.3.9-1+deb11u3
CVE ID : CVE-2024-28863 CVE-2026-23745 CVE-2026-24842 CVE-2026-26960 CVE-2026-29786...

8.2 CVSS, 6.6 AI score, 0.00663 EPSS
Exploits: 10

OSV
added 2026/04/01 9:57 a.m., 0 views

CLEANSTART-2026-DU32240 Security fixes for CVE-2026-2391, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802, ghsa-34x7-hfp2-rc4v, ghsa-5359-pvf2-pw78, ghsa-73rr-hh4g-fpgx, ghsa-8qq5-rm4j-mr97, ghsa-r6q2-hw4h-h46w applied in versions: 4.2.1.1-r1, 4.2.1.1-r2, 4.3.0.1-r0, 4.3.1-r0

Multiple security vulnerabilities affect the thingsboard-tb-web-ui package. These issues are resolved in later releases. See references for individual vulnerability details...

8.2 CVSS, 5.9 AI score, 0.0005 EPSS
Exploits: 7, References: 14

GithubExploit
added 2026/03/28 8:49 p.m., 121 views

Exploit for Path Traversal in Isaacs Tar

🛡️ CVE-2026-31802 - Simple Proof of Concept Viewer !Downloa...

8.2 CVSS, 5.9 AI score, 0.00009 EPSS
Exploits: 3

Wolfi
added 2026/03/12 7:48 p.m., 3 views

CVE-2026-31802 vulnerabilities

Vulnerabilities for packages: sqlpad, lerna, node-gyp, saf, opensearch-dashboards, kubeflow-centraldashboard, pulumi, renovate, tileserver-gl...

8.2 CVSS, 6.3 AI score, 0.00009 EPSS
Exploits: 3

vulnersOsv
added 2026/03/10 11:44 p.m., 4 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @adobe/helix-deploy (>=11.0.19 <=11.1.15) +299 more potentially affected by CVE-2026-31802 via tar (>=7.0.0 <=7.5.10)

tar NPM version =7.0.0, =0.0.6, =11.0.19, =1.0.0, =1.0.2, =0.1.1, =0.1.1, =2.17.11, =1.9.5, =8.8.3, =0.0.2, =0.0.22 and more Source cves: CVE-2026-31802 Source advisory: SNYK:JS-TAR-15456201...

8.2 CVSS, 6.7 AI score, 0.00009 EPSS
Exploits: 3

vulnersOsv
added 2026/03/10 11:44 p.m., 3 views

org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-31802 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-31802 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15456202...

8.2 CVSS, 6.7 AI score, 0.00009 EPSS
Exploits: 3

RedhatCVE
added 2026/03/10 11:53 a.m., 1 view

CVE-2026-31802

A flaw was found in tar. An attacker can exploit this vulnerability by crafting a malicious tar archive containing a drive-relative symlink. This symlink, such as C:../../../target.txt, can trick the tar utility into writing files outside the intended extraction directory during normal archive...

8.2 CVSS, 5.8 AI score, 0.00009 EPSS
Exploits: 3, References: 5

CVE
added 2026/03/09 9:11 p.m., 16 views

CVE-2026-31802

CVE-2026-31802 affects node-tar (tar for Node.js) prior to version 7.5.11. The vulnerability allows a symlink path traversal during tar.x() extraction when a drive-relative symlink target such as C:../../../target.txt is used, enabling a file overwrite outside the extraction directory. The issue ...

8.2 CVSS, 5.8 AI score, 0.00009 EPSS
Exploits: 3, References: 2, Affected Software: 1

Circl
added 2026/03/09 5:53 a.m., 12 views

CVE-2026-31802

creationtimestamp | type | source
---|---|---
2026-03-09 05:53:24+00:00 | published-proof-of-concept | https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/
2026-03-29 00:00:04+00:00 | ...

8.2 CVSS, 6.6 AI score, 0.00009 EPSS
Exploits: 3, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-31802

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0, References: 1

Circl
added 2025/07/01 10:0 a.m., 3 views

CVE-2022-31802

creationtimestamp | type | source
---|---|---
2025-07-01 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03...

9.8 CVSS, 7.3 AI score, 0.0053 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:28 a.m., 5 views

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code...

6.3 CVSS, 6.8 AI score, 0.00035 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/04/03 4:43 p.m., 2 views

CVE-2025-31802

Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86...

5.4 CVSS, 7.2 AI score, 0.00309 EPSS
Exploits: 0, References: 1

Patchstack
added 2025/04/01 3:56 p.m., 3 views

WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika in WordPress Plugin Shiptimize for WooCommerce versions <= 3.1.86...

5.4 CVSS, 8.5 AI score, 0.00309 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2025/04/01 2:51 p.m., 12 views

CVE-2025-31802 WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Settings Change vulnerability

Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86...

5.4 CVSS, 0.00309 EPSS
Exploits: 0, References: 1

CVE
added 2025/04/01 2:51 p.m., 42 views

CVE-2025-31802

Technical details for CVE-2025-31802 are not provided in the connected documents. Public information about affected product/version, root cause, impact, or fixes is not present here. Monitor for updates from official advisories or CVE references.

5.4 CVSS, 7.2 AI score, 0.00309 EPSS
Exploits: 0, References: 1

Packet Storm
added 2024/08/31 12:0 a.m., 160 views

Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear R7000 backup.cgi Heap Overflow RCE', 'Description' = %q This module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of...

8.8 CVSS, 7 AI score, 0.13718 EPSS
Exploits: 4

Vulnrichment
added 2024/06/27 12:0 a.m., 14 views

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code...

6.8 AI score, 0.00035 EPSS
Exploits: 0, References: 1