CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

Tenable Nessus•added 2026/06/05 12:0 a.m.•8 views

Node.js Module node-tar < 7.5.10 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.10. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a...

8.2CVSS6.2AI score0.00276EPSS

Exploits2References2

Tenable Nessus•added 2026/06/05 12:0 a.m.•33 views

Node.js Module node-tar < 7.5.11 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.11. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a...

8.2CVSS6.4AI score0.00253EPSS

Exploits3References2

EUVD•added 2026/03/10 11:44 p.m.•3 views

EUVD-2026-10403

node-tar Symlink Path Traversal via Drive-Relative Linkpath...

8.2CVSS5.8AI score0.00253EPSS

Exploits3References3

Snyk•added 2026/03/10 11:44 p.m.•2 views

Symlink Attack

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack via tar.x extraction, which allows an attacker to overwrite arbitrary files outside the intended extraction directory with a drive-relative symlink target - like...

8.2CVSS6.3AI score0.00253EPSS

Exploits3References2

OSV•added 2026/03/10 11:44 p.m.•1 views

GHSA-9PPJ-QMQM-Q256 node-tar Symlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in...

8.2CVSS6AI score0.00253EPSS

Exploits3References4

Github Security Blog•added 2026/03/10 11:44 p.m.•4 views

node-tar Symlink Path Traversal via Drive-Relative Linkpath

8.2CVSS5.9AI score0.00253EPSS

Exploits3References4Affected Software1

OSV•added 2026/03/10 7:44 a.m.•2 views

DEBIAN-CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

5.5CVSS7.5AI score0.00253EPSS

Exploits3References1

NVD•added 2026/03/10 7:44 a.m.•5 views

CVE-2026-31802

8.2CVSS0.00253EPSS

Exploits3References2

OSV•added 2026/03/10 7:44 a.m.•5 views

UBUNTU-CVE-2026-31802

8.2CVSS5.8AI score0.00253EPSS

Exploits3References3

Tenable Nessus•added 2026/03/10 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction director...

8.2CVSS6.6AI score0.00253EPSS

Exploits3References2

CVE•added 2026/03/09 9:11 p.m.•27 views

CVE-2026-31802

CVE-2026-31802 affects node-tar (tar for Node.js) prior to version 7.5.11. The vulnerability allows a symlink path traversal during tar.x() extraction when a drive-relative symlink target such as C:../../../target.txt is used, enabling a file overwrite outside the extraction directory. The issue ...

8.2CVSS5.8AI score0.00253EPSS

Exploits3References2Affected Software1

AlpineLinux•added 2026/03/09 9:11 p.m.•3 views

CVE-2026-31802

8.2CVSS5.8AI score0.00253EPSS

Exploits3References2

ATTACKERKB•added 2026/03/09 9:11 p.m.•4 views

CVE-2026-31802

8.2CVSS5.8AI score0.00253EPSS

Exploits3References3Affected Software1

Cvelist•added 2026/03/09 9:11 p.m.•37 views

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

8.2CVSS0.00253EPSS

Exploits3References2

Vulnrichment•added 2026/03/09 9:11 p.m.•2 views

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

8.2CVSS5.8AI score0.00253EPSS

Exploits3References2

OSV•added 2026/03/09 9:11 p.m.•2 views

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

8.2CVSS5.8AI score0.00253EPSS

Exploits3References4

RedhatCVE•added 2026/03/09 4:53 p.m.•3 views

CVE-2026-29786

A flaw was found in node-tar. A hardlink that points outside the extraction directory can be created by using a drive-relative link target such as C:../target.txt, allowing a file overwrite outside the current working directory during normal tar.x extraction. Mitigation Red Hat has investigated...

8.6CVSS5.7AI score0.00276EPSS

Exploits2References5

OSV•added 2026/03/07 4:15 p.m.•2 views

AZL-79553 CVE-2026-29786 affecting package tar 1.35-2

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.2CVSS6.1AI score0.00276EPSS

Exploits2References1

OSV•added 2026/03/07 4:15 p.m.•2 views

DEBIAN-CVE-2026-29786

6.3CVSS5.8AI score0.00276EPSS

Exploits2References1

NVD•added 2026/03/07 4:15 p.m.•3 views

CVE-2026-29786

8.2CVSS0.00276EPSS

Exploits2References2

Rows per page