15895 matches found
CVE-2026-23950
node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...
CVE-2026-23950
Summary of CVE-2026-23950 (node-tar): A race condition in node-tar’s path-reservations on macOS APFS/HFS+ enables parallel processing of conflicting Unicode paths (e.g., “ß” vs “ss”), bypassing internal locks and allowing an Arbitrary File Overwrite. Affected are node-tar versions up to 7.5.3; ...
node-tar security vulnerability
node-tar is a software package for file compression/decompression developed by Isaacs. Versions of node-tar 7.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incomplete handling of Unicode path conflicts, which may lead to race conditions, allowing arbitrary file...
PT-2026-3529
Name of the Vulnerable Software and Affected Versions: node-tar versions up to and including 7.5.3. Description: node-tar, a Tar for Node.js, contains a race condition due to incomplete handling of Unicode path collisions within the path-reservations system. This issue occurs on case-insensitive or...
VulnCheck KEV: CVE-2025-0626
The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...
MiracleLinux 7 : podman-1.6.4-18.el7 (AXSA:2020-067:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-067:02 advisory. buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696); proglottis/gpgme: Use-after-free in GPGME...
MiracleLinux 9 : kernel-5.14.0-362.24.1.el9_3 (AXSA:2024-7637:09)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7637:09 advisory. kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817); kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation...
MiracleLinux 9 : gstreamer1-plugins-good-1.18.4-6.el9 (AXSA:2023-5649:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5649:01 advisory. gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header (CVE-2022-1920); gstreamer-plugins-good: Heap-based buffer overflow i...
MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service (CVE-2017-18077); nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...
MiracleLinux 7 : buildah-1.11.6-11.el7 (AXSA:2020-066:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-066:02 advisory. buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696); containers/image: Container images read...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2025-10860:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10860:01 advisory. podman: Podman kube play command may overwrite host files (CVE-2025-9566). Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : container-tools:2.0 (AXSA:2020-866:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-866:01 advisory. buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696). Bug Fixes: podman 1.6.4 is not honouring...
MiracleLinux 9 : gstreamer1-plugins-good-1.22.1-2.el9 (AXSA:2024-8036:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8036:01 advisory. gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327). Tenable has extracted the preceding description...
Linux Distros Unpatched Vulnerability : CVE-2026-23950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path...
MiracleLinux 8 : kernel-4.18.0-477.10.1.el8_8 (AXSA:2023-5865:16)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5865:16 advisory. use-after-free caused by l2cap_reassemble_sdu in net/bluetooth/l2cap_core.c (CVE-2022-3564); net/ulp: use-after-free in listening ULP sockets CVE-2023-046...
MiracleLinux 8 : curl-7.61.1-14.el8 (AXSA:2021-1144:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1144:01 advisory. curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177). Tenable has extracted the preceding description block directly...
MiracleLinux 8 : gstreamer1-plugins-base-1.16.1-3.el8 (AXSA:2024-8315:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8315:02 advisory. gstreamer-plugins-base: heap overwrite in subtitle parsing (CVE-2023-37328). Tenable has extracted the preceding description block directly from the MiracleLinu...
MiracleLinux 8 : gstreamer1-plugins-good-1.16.1-4.el8 (AXSA:2024-8317:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8317:02 advisory. gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327). Tenable has extracted the preceding description...
MiracleLinux 8 : nodejs:12 (AXSA:2021-2440:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2440:01 advisory. nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930); nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)...
Directory Traversal
Overview: swingmusic is a Swing Music. Affected versions of this package are vulnerable to Directory Traversal via the list_folders function in the /folder/dir-browser endpoint. An attacker can access arbitrary directories on the server filesystem by sending crafted requests as an authenticated...