
338 matches found

Tenable Nessus
added 2026/03/07 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-29786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory b...

CVSS 8.2 | AI score 6.4 | EPSS 0.00009
Exploits 2 | References 3

Atlassian
added 2026/03/06 5:29 a.m. | 18 views

Path Traversal node-tar Dependency in Jira Service Management Data Center

This High severity Path Traversal vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Service Management Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8...

CVSS 8.8 | AI score 5.8 | EPSS 0.00009
Exploits 1

Atlassian
added 2026/03/06 5:29 a.m. | 19 views

File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

CVSS 8.2 | AI score 6 | EPSS 0.00027
Exploits 1

Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1466)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1466 advisory. node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). Th...

CVSS 8.8 | AI score 6.3 | EPSS 0.00027
Exploits 4 | References 8

Tenable Nessus
added 2026/03/06 12:0 a.m. | 2 views

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1465)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1465 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js...

CVSS 8.8 | AI score 4.9 | EPSS 0.00092
Exploits 3 | References 8

Tenable Nessus
added 2026/03/06 12:0 a.m. | 4 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1464)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1464 advisory. node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). Th...

CVSS 8.8 | AI score 6.7 | EPSS 0.00011
Exploits 3 | References 6

Amazon
added 2026/03/05 12:0 a.m. | 4 views

Important: nodejs24

Issue Overview: node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00027
Exploits 4

Amazon
added 2026/03/05 12:0 a.m. | 2 views

Important: nodejs20

Issue Overview: node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00011
Exploits 3

Amazon
added 2026/03/05 12:0 a.m. | 4 views

Important: nodejs22

Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...

CVSS 8.8 | AI score 5 | EPSS 0.00092
Exploits 3

IBM Security Bulletins
added 2026/02/27 3:16 p.m. | 7 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary: Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1. Vulnerability Details: CVEID: CVE-2026-21441. DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...

CVSS 8.9 | AI score 7.2 | EPSS 0.00074
Exploits 4 | Affected Software 1

OSV
added 2026/02/27 12:41 a.m. | 1 view

CLEANSTART-2026-NY12442 node-tar is a full-featured Tar for Node

Multiple security vulnerabilities affect the npm package. node-tar is a full-featured Tar for Node. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.8 | EPSS 0.01851
Exploits 4 | References 11

OSV
added 2026/02/24 12:40 a.m. | 3 views

CLEANSTART-2026-LM41397 node-tar is a full-featured Tar for Node

Multiple security vulnerabilities affect the npm package. node-tar is a full-featured Tar for Node. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.6 | EPSS 0.00011
Exploits 3 | References 5

SUSE CVE
added 2026/02/21 12:23 a.m. | 0 views

SUSE CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVSS 7.1 | AI score 5.8 | EPSS 0.00008
Exploits 1 | References 3

RedhatCVE
added 2026/02/20 4:29 p.m. | 3 views

CVE-2026-26960

A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the...

CVSS 7.1 | AI score 5.5 | EPSS 0.00008
Exploits 1 | References 6

OSV
added 2026/02/20 2:16 a.m. | 3 views

DEBIAN-CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVSS 7.1 | AI score 6.2 | EPSS 0.00008
Exploits 1 | References 1

NVD
added 2026/02/20 2:16 a.m. | 6 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVSS 7.1 | EPSS 0.00008
Exploits 1 | References 3

OSV
added 2026/02/20 2:16 a.m. | 3 views

UBUNTU-CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVSS 7.1 | AI score 5.9 | EPSS 0.00008
Exploits 1 | References 5

UbuntuCve
added 2026/02/20 2:16 a.m. | 2 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVSS 7.1 | AI score 5.8 | EPSS 0.00008
Exploits 1 | References 4

Vulnrichment
added 2026/02/20 1:7 a.m. | 4 views

CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVSS 7.1 | AI score 5.6 | EPSS 0.00008
Exploits 1 | References 3

Debian CVE
added 2026/02/20 1:7 a.m. | 6 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

CVSS 7.1 | AI score 6.2 | EPSS 0.00008
Exploits 1