6765 matches found
UBUNTU-CVE-2026-23745
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
CVE-2026-23745
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
EUVD-2026-2909
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
Summary The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...
OESA-2026-1096 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...
OESA-2026-1094 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...
OESA-2026-1091 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...
openSUSE 16 Security Update : wget2 (openSUSE-SU-2026:20038-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20038-1 advisory. Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in...
PT-2026-3329
Name of the Vulnerable Software and Affected Versions node-tar versions = 7.5.2 Description The node-tar library fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false, which is the default secure behavior. This allows malicious archives to bypass...
CVE-2022-50916
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...
CVE-2022-50939
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...
CVE-2026-22871
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...
OPENSUSE-SU-2026:20038-1 Security update for wget2
This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in getlocalfilenamereal CVE-2025-69195 bsc1255729 Fix a redirect/mirror regression from 400713ca Use the local...
MiracleLinux 3 : cups-1.3.7-18.8.0.1.AXS3 (AXSA:2010-481:05)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-481:05 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to...
MiracleLinux 3 : lftp-3.7.11-4.AXS3.3 (AXSA:2010-400:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-400:01 advisory. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in...
CVE-2022-50939
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...
CVE-2026-22685
DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...