
36 matches found

Positive Technologies
added 2026/04/05 12:0 a.m. | 3 views

PT-2026-30442

Name of the Vulnerable Software and Affected Versions: Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Description: A weakness exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. This impacts an unknown function within the /fs file. Manipulation of the cwd argument can lead to...

CVSS 9.8 | AI score 6.9 | EPSS 0.0052
Exploits: 1 | References: 9

vulnersOsv
added 2026/03/20 12:0 p.m. | 4 views

IMAPServer (=0.1.0), OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2) +1893 more potentially affected by unknown CVE via tokio-fs (>=0.1.7 <=0.2.0-alpha.6)

tokio-fs CARGO version =0.1.7, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0061...

AI score 5.5
Exploits: 0

IBM Security Bulletins
added 2026/02/24 6:58 p.m. | 8 views

Security Bulletin: Vulnerabilities in tar-fs-2.1.1.tgz affecting MongoDB Enterprised Advanced (CVE-2025-59343)

Summary: There is a vulnerability in tar-fs-2.1.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-59343. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2025-59343. DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1,...

CVSS 8.7 | AI score 5.4 | EPSS 0.00516
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/01 5:41 p.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.

Summary: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-59343. DESCRIPTION: tar-fs provides filesystem bindings for...

CVSS 8.7 | AI score 6.6 | EPSS 0.00516
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/11/28 7:10 p.m. | 8 views

Security Bulletin: Astronomer with IBM is vulnerable to symlink validation bypass due to the tar-fs package (CVE-2025-59343)

Summary: Tar-fs is used by Astronomer with IBM as part of tar file processing functionality. Vulnerability Details: CVEID: CVE-2025-59343. DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...

CVSS 8.7 | AI score 6.5 | EPSS 0.00516
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/10/15 4:0 p.m. | 5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to symlink validation bypass due to tar-fs (CVE-2025-59343)

Summary: IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to symlink validation bypass due to tar-fs. Vulnerability Details: CVEID: CVE-2025-59343. DESCRIPTION: tar-fs provides filesystem bindings for tar-stream...

CVSS 8.7 | AI score 6.2 | EPSS 0.00516
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-0483

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.02106
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-31022

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.2 | EPSS 0.00516
Exploits: 0 | References: 3

SUSE CVE
added 2025/09/25 11:23 p.m. | 4 views

SUSE CVE-2025-59343

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

CVSS 6.2 | AI score 7.6 | EPSS 0.00516
Exploits: 0 | References: 3

vulnersOsv
added 2025/09/24 6:57 p.m. | 5 views

0wcc9yywcywy (=1.0.0), 0wu8yw8by8cw (=1.0.0) +2814 more potentially affected by CVE-2025-59343 via tar-fs (>=3.0.2 <=3.1.0)

tar-fs NPM version =3.0.2, =0.0.1, =2.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-13045213...

CVSS 8.7 | AI score 5.3 | EPSS 0.00516
Exploits: 0

vulnersOsv
added 2025/09/24 6:57 p.m. | 4 views

007putra-my-bot (=1.1.1), 10bis-shufersal-automation (=1.0.0) +4996 more potentially affected by CVE-2025-59343 via tar-fs (>=2.0.0 <=2.1.3)

tar-fs NPM version =2.0.0, =0.2.0, =1.0.0, =1.0.0, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-13045213...

CVSS 8.7 | AI score 5.3 | EPSS 0.00516
Exploits: 0

vulnersOsv
added 2025/09/24 6:57 p.m. | 6 views

007putra-my-bot (=1.1.1), 10bis-shufersal-automation (=1.0.0) +4996 more potentially affected by CVE-2025-59343 via tar-fs (>=2.0.0 <=2.1.3)

tar-fs NPM version =2.0.0, =0.2.0, =1.0.0, =1.0.0, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR5V...

CVSS 8.7 | AI score 5.3 | EPSS 0.00516
Exploits: 0

vulnersOsv
added 2025/09/24 6:57 p.m. | 5 views

org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-59343 via org.webjars.npm:tar-fs (=2.1.1)

org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...

CVSS 8.7 | AI score 5.8 | EPSS 0.00516
Exploits: 0

vulnersOsv
added 2025/09/24 6:57 p.m. | 11 views

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +387 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)

tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...

CVSS 8.7 | AI score 5.8 | EPSS 0.00516
Exploits: 0

vulnersOsv
added 2025/09/24 6:57 p.m. | 7 views

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +116 more potentially affected by CVE-2025-59343 via tar-fs (>=1.0.0 <=1.16.3)

tar-fs NPM version =1.0.0, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-1304521...

CVSS 8.7 | AI score 5.8 | EPSS 0.00516
Exploits: 0

OSV
added 2025/09/24 5:43 p.m. | 3 views

CVE-2025-59343 tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

CVSS 8.7 | AI score 6.4 | EPSS 0.00516
Exploits: 0 | References: 5

CNNVD
added 2025/09/24 12:0 a.m. | 2 views

tar-fs security vulnerability

tar-fs is a tar-stream filesystem bundle from the individual developer Mathias Buus. A security vulnerability exists in tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5, which stems from the possibility of bypassing symbolic link validation when the destination directory is predictable...

CVSS 8.7 | AI score 7.5 | EPSS 0.00516
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/09/22 1:18 p.m. | 6 views

Security Bulletin: Vulnerability in tar-fs package affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: Potential vulnerability in tar-fs has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabilit...

CVSS 7.5 | AI score 6.4 | EPSS 0.02104
Exploits: 2 | Affected Software: 2

vulnersOsv
added 2025/08/14 6:52 p.m. | 3 views

-price-checker (>=1.0.0 <=1.0.5), 003-gas-convert (=1.0.1) +18186 more potentially affected by unknown CVE via fs (>=0.0.0 <=0.0.2)

fs NPM version =0.0.0, =1.0.0, =0.0.21, =1.0.0, =0.3.96, =1.0.2 - 2.4-qr-code-project =1.0.0 - 2.typescript-init =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-21003...

AI score 5.5
Exploits: 0

Tenable Nessus
added 2025/08/09 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-12905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Improper Link Resolution Before File Access Link Following and Improper Limitation of a Pathname to a Restricted Directory Path Traversal. This vulnerability...

CVSS 7.5 | AI score 6.7 | EPSS 0.02104
Exploits: 2 | References: 2