CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

IBM Security Bulletins•added 2026/05/04 2:25 p.m.•2 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.8CVSS6.2AI score0.00009EPSS

Exploits1Affected Software2

Tenable Nessus•added 2026/04/15 12:0 a.m.•2 views

Atlassian Jira Service Management 5.15.2 < 10.3.18 / 10.4.0 < 11.3.3 (JSDSERVER-16530)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16530 advisory. - node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3...

8.8CVSS6.3AI score0.00009EPSS

Exploits1References2

IBM Security Bulletins•added 2026/03/31 1:40 p.m.•5 views

Security Bulletin: Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950.

Summary Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition...

8.8CVSS6.4AI score0.00011EPSS

Exploits3Affected Software1

Amazon•added 2026/03/05 12:0 a.m.•3 views

Important: nodejs24

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

8.8CVSS5.9AI score0.00027EPSS

Exploits4

Amazon•added 2026/03/05 12:0 a.m.•1 views

Important: nodejs20

8.8CVSS5.9AI score0.00011EPSS

Exploits3

Veracode•added 2026/02/02 8:34 a.m.•2 views

Race Condition

node-tar is vulnerable to a Race Condition Vulnerability. The vulnerability is due to improper handling of Unicode path collisions in the PathReservations locking mechanism on normalization-insensitive or case-insensitive filesystems, which allows an attacker to exploit race conditions using...

8.8CVSS5.8AI score0.00009EPSS

Exploits1References3Affected Software2

EUVD•added 2026/01/21 1:5 a.m.•1 views

EUVD-2026-3595

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS...

8.8CVSS5.3AI score0.00009EPSS

Exploits1References3

Github Security Blog•added 2026/01/21 1:5 a.m.•11 views

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

TITLE: Race Condition in node-tar Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS AUTHOR: Tomás Illuminati Details A race condition vulnerability exists in node-tar v7.5.3 this is to an incomplete handling of Unicode path collisions in the path-reservations system. On...

8.8CVSS5.9AI score0.00009EPSS

Exploits1References4Affected Software1

OSV•added 2026/01/21 1:5 a.m.•0 views

GHSA-R6Q2-HW4H-H46W Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

8.8CVSS6AI score0.00009EPSS

Exploits1References4

OSV•added 2026/01/20 1:15 a.m.•2 views

DEBIAN-CVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

5.9CVSS5.7AI score0.00009EPSS

Exploits1References1

NVD•added 2026/01/20 1:15 a.m.•2 views

CVE-2026-23950

8.8CVSS0.00009EPSS

Exploits1References2

OSV•added 2026/01/20 1:15 a.m.•0 views

UBUNTU-CVE-2026-23950

8.8CVSS5.8AI score0.00009EPSS

Exploits1References5

CVE•added 2026/01/20 12:40 a.m.•33 views

CVE-2026-23950

Summary of CVE-2026-23950 (node-tar) : A race condition in node-tar’s path-reservations on macOS APFS/HFS+ enables parallel processing of conflicting Unicode paths (e.g., “ß” vs “ss”), bypassing internal locks and allowing an Arbitrary File Overwrite . Affected are node-tar versions up to 7.5.3; ...

8.8CVSS5.8AI score0.00009EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/01/20 12:40 a.m.•2 views

CVE-2026-23950

8.8CVSS5.5AI score0.00009EPSS

Exploits1References3Affected Software1

AlpineLinux•added 2026/01/20 12:40 a.m.•3 views

CVE-2026-23950

8.8CVSS5.8AI score0.00009EPSS

Exploits1References2

Debian CVE•added 2026/01/20 12:40 a.m.•7 views

CVE-2026-23950

8.8CVSS5.7AI score0.00009EPSS

Exploits1

Cvelist•added 2026/01/20 12:40 a.m.•20 views

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

8.8CVSS0.00009EPSS

Exploits1References2

OSV•added 2026/01/20 12:40 a.m.•2 views

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

8.8CVSS5.8AI score0.00009EPSS

Exploits1References4

Vulnrichment•added 2026/01/20 12:40 a.m.•1 views

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

8.8CVSS5.8AI score0.00009EPSS

Exploits1References2

Positive Technologies•added 2026/01/20 12:0 a.m.•0 views

PT-2026-3529

Name of the Vulnerable Software and Affected Versions node-tar versions up to and including 7.5.3 Description node-tar, a Tar for Node.js, contains a race condition due to incomplete handling of Unicode path collisions within the path-reservations system. This issue occurs on case-insensitive or...

9CVSS5.6AI score0.00009EPSS

Exploits1References26

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by