3 matches found
arkadiyt-projects: Path Traversal in writeFile via Unsafe Prefix Containment Check Allows Out-of-Directory Writes
A path traversal vulnerability was discovered in the protodump tool. The vulnerability allowed an attacker to influence the output filename construction and bypass the containment check, enabling writes outside the intended output directory. The vulnerability was caused by the use of...
Linux Distros Unpatched Vulnerability : CVE-2026-29786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory b...
CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...