Lucene search
K

101 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 1:40 p.m.6 views

Security Bulletin: Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950.

Summary Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition...

8.8CVSS6.4AI score0.00334EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29283

An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

9.8CVSS6.4AI score0.00668EPSS
Exploits1References5
CVE
CVE
added 2026/03/31 12:0 a.m.7 views

CVE-2026-30281

CVE-2026-30281 affects MaruNuri LLC v2.0.23, with an arbitrary file overwrite through the file import process that can lead to arbitrary code execution or information exposure. The vulnerability is tied to the file-import flow (v2.0.23). Some sources describe exploitation as remote code execution...

9.8CVSS6.4AI score0.0069EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 12:0 a.m.2 views

CVE-2026-30282

An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

6.4AI score0.00363EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 12:0 a.m.29 views

CVE-2026-30282

An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

0.00363EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.29 views

Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...

5.9AI score
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2026/03/14 10:4 p.m.202 views

Exploit for CVE-2026-31802

CVE-2026-31802: tar Symlink Path Traversal / Arbitrary File Ov...

8.2CVSS5.8AI score0.00253EPSS
Exploits4
Cvelist
Cvelist
added 2026/03/06 6:54 a.m.29 views

CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...

9.3CVSS0.00527EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23608

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.10 Description The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...

8.8CVSS5.9AI score0.00408EPSS
Exploits2References214
CVE
CVE
added 2026/03/03 12:0 a.m.12 views

CVE-2025-66945

CVE-2025-66945 affects Zdir Pro 4.x ZIP extraction API (/api/extract). A path traversal vulnerability can cause files to be written outside the intended directory, enabling arbitrary file overwrites and potentially remote code execution. Connected sources confirm the issue exists; exploitation de...

9.1CVSS6.6AI score0.0053EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:27 p.m.5 views

CVE-2026-26157

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

7CVSS6.2AI score0.00682EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.12 views

PT-2026-7665

Name of the Vulnerable Software and Affected Versions BusyBox affected versions not specified Description A flaw exists in BusyBox’s archive extraction utilities due to incomplete path sanitization. An attacker can create malicious archives that, when extracted under specific conditions, may allo...

7.2CVSS6.4AI score0.02793EPSS
Exploits6References36
NVD
NVD
added 2026/01/20 1:15 a.m.7 views

CVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

8.8CVSS0.00233EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2026/01/20 12:40 a.m.2 views

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

8.8CVSS5.8AI score0.00233EPSS
Exploits1References2
OSV
OSV
added 2026/01/16 10:16 p.m.3 views

DEBIAN-CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

6.1CVSS5.9AI score0.00334EPSS
Exploits2References1
NVD
NVD
added 2026/01/16 10:16 p.m.9 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2CVSS0.00334EPSS
Exploits2References13
ATTACKERKB
ATTACKERKB
added 2026/01/16 10:0 p.m.2 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2CVSS5.4AI score0.00334EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/01/16 9:16 p.m.1 views

GHSA-8QQ5-RM4J-MR97 node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Summary The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...

8.2CVSS5.9AI score0.00334EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.5 views

node-tar path traversal vulnerability

node-tar is a software package for file compression/decompression developed by Isaacs. Versions of node-tar 7.5.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from uncleaned link paths, which could lead to arbitrary file overwriting and symbolic link poisoning...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 8 : socat-1.7.4.1-2.el8_10 (AXSA:2025-10502:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10502:01 advisory. socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 Tenable has extracted the preceding description block directly from the...

9.8CVSS7.1AI score0.00794EPSS
Exploits0References2
Rows per page
Query Builder