CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

348 matches found

Tenable Nessus•added 2026/01/20 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path...

8.8CVSS5.5AI score0.00153EPSS

Exploits1References3

RedhatCVE•added 2026/01/17 10:29 p.m.•8 views

CVE-2026-23745

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS5.4AI score0.00308EPSS

Exploits2References5

GithubExploit•added 2026/01/17 7:45 a.m.•224 views

Exploit for CVE-2026-23745

CVE-2026-23745: node-tar Arbitrary File Overwrite Research:...

8.2CVSS6.9AI score0.00308EPSS

Exploits2

Tenable Nessus•added 2026/01/17 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false...

8.2CVSS6AI score0.00308EPSS

Exploits2References3

OSV•added 2026/01/16 10:16 p.m.•3 views

DEBIAN-CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

6.1CVSS5.9AI score0.00308EPSS

Exploits2References1

NVD•added 2026/01/16 10:16 p.m.•6 views

CVE-2026-23745

8.2CVSS0.00308EPSS

Exploits2References2

UbuntuCve•added 2026/01/16 10:16 p.m.•2 views

CVE-2026-23745

8.2CVSS6.7AI score0.00308EPSS

Exploits2References3

OSV•added 2026/01/16 10:16 p.m.•7 views

UBUNTU-CVE-2026-23745

8.2CVSS6.7AI score0.00308EPSS

Exploits2References4

Cvelist•added 2026/01/16 10:0 p.m.•26 views

CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

8.2CVSS0.00308EPSS

Exploits2References2

ATTACKERKB•added 2026/01/16 10:0 p.m.•2 views

CVE-2026-23745

8.2CVSS5.4AI score0.00308EPSS

Exploits2References3Affected Software1

Vulnrichment•added 2026/01/16 10:0 p.m.•1 views

CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

8.2CVSS5.5AI score0.00308EPSS

Exploits2References2

AlpineLinux•added 2026/01/16 10:0 p.m.•3 views

CVE-2026-23745

8.2CVSS5.6AI score0.00308EPSS

Exploits2References2

EUVD•added 2026/01/16 10:0 p.m.•6 views

EUVD-2026-2909

8.2CVSS6.4AI score0.00308EPSS

Exploits2References3

Debian CVE•added 2026/01/16 10:0 p.m.•3 views

CVE-2026-23745

8.2CVSS5.9AI score0.00308EPSS

Exploits2

CVE•added 2026/01/16 10:0 p.m.•84 views

CVE-2026-23745

node-tar (Tar for Node.js) vulnerability CVE-2026-23745: the library fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false, allowing bypass of extraction root restrictions and leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning ...

8.2CVSS6.5AI score0.00308EPSS

Exploits2References2Affected Software1

OSV•added 2026/01/16 10:0 p.m.•6 views

CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

8.2CVSS6.8AI score0.00308EPSS

Exploits2References4

Github Security Blog•added 2026/01/16 9:16 p.m.•21 views

node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Summary The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...

8.2CVSS7.6AI score0.00308EPSS

Exploits2References4Affected Software1

CNNVD•added 2026/01/16 12:0 a.m.•3 views

node-tar path traversal vulnerability

node-tar is a software package for file compression/decompression developed by Isaacs. Versions of node-tar 7.5.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from uncleaned link paths, which could lead to arbitrary file overwriting and symbolic link poisoning...

8.2CVSS6.6AI score0.00308EPSS

Exploits2References3

Positive Technologies•added 2026/01/16 12:0 a.m.•5 views

PT-2026-3329

Name of the Vulnerable Software and Affected Versions node-tar versions = 7.5.2 Description The node-tar library fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false, which is the default secure behavior. This allows malicious archives to bypass...

8.2CVSS5.3AI score0.00308EPSS

Exploits2References229

Positive Technologies•added 2026/01/01 12:0 a.m.•3 views

PT-2026-24117

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.11 Description The node-tar software contains a flaw where it can be manipulated into creating a symbolic link that points outside the intended extraction directory. This is achieved by utilizing a drive-relative...

9.8CVSS5.8AI score0.01286EPSS

Exploits6References208

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by