
8 matches found

RedHat Linux
added 2026/05/19 9:16 a.m. | 7 views

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

CVSS 8.8 | AI score 6.2 | EPSS 0.00009
Exploits: 1 | References: 6
EUVD
added 2026/01/21 1:5 a.m. | 1 views

EUVD-2026-3595

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS...

CVSS 8.8 | AI score 5.3 | EPSS 0.00009
Exploits: 1 | References: 3
Snyk
added 2026/01/20 1:45 a.m. | 4 views

Improper Handling of Unicode Encoding

Overview: tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode normalization collisions ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00009
Exploits: 1 | References: 3
OSV
added 2026/01/20 1:15 a.m. | 0 views

UBUNTU-CVE-2026-23950

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | AI score 5.8 | EPSS 0.00009
Exploits: 1 | References: 5
ATTACKERKB
added 2026/01/20 12:40 a.m. | 2 views

CVE-2026-23950

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | AI score 5.5 | EPSS 0.00009
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/01/20 12:40 a.m. | 2 views

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | AI score 5.8 | EPSS 0.00009
Exploits: 1 | References: 4
Veracode
added 2025/04/29 6:34 a.m. | 5 views

Use Of Weak Hash

pnpm is vulnerable to Use of Weak Hash. The vulnerability is due to improper path shortening caused by the use of the md5 function for compression, which can cause different libraries to resolve to the same storage path if a hash collision occurs...

CVSS 6.5 | AI score 6.7 | EPSS 0.00063
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2025/04/23 4:15 p.m. | 7 views

CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

CVSS 6.5 | EPSS 0.00063
Exploits: 1 | References: 1