Lucene search
K

16 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51115

Name of the Vulnerable Software and Affected Versions go.qbee.io/transport versions prior to v1.26.25 Description The extractTar routine in the go.qbee.io/transport library contains a symlink-chain path traversal issue. Because path validation is strictly lexical and does not account for on-disk...

6CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.7 views

PT-2026-24092

Name of the Vulnerable Software and Affected Versions Shescape versions prior to 2.1.9 Description Shescape is a JavaScript shell escape library. A flaw exists where an attacker may be able to bypass escaping for the shell being used, potentially leading to exposure of sensitive information. This...

6.3CVSS5.8AI score0.00052EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/02/20 1:7 a.m.30 views

CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS0.00288EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/02/19 12:0 a.m.181 views

📄 Python Tarfile Bypass

This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...

7.5CVSS5.5AI score0.01109EPSS
Exploits7
Snyk
Snyk
added 2026/02/18 12:57 a.m.4 views

Directory Traversal

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archiv...

8.4CVSS6.6AI score0.00288EPSS
Exploits1References2
OSV
OSV
added 2026/02/18 12:57 a.m.7 views

GHSA-83G3-92JG-28CX Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

7.1CVSS5.9AI score0.00288EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/02/18 12:57 a.m.11 views

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

7.1CVSS5.5AI score0.00288EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2026/02/15 9:59 p.m.215 views

Exploit for CVE-2025-4138

CVE-2025-4138 — Python tarfile filter="data" Bypass Arbitra...

7.5CVSS6.5AI score0.01109EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/02/15 7:39 p.m.234 views

Exploit for CVE-2025-4517

CVE-2025-4517 / CVE-2025-4330 — Python tarfile Data Filter B...

9.4CVSS6.9AI score0.01184EPSS
Exploits11
RedHat Linux
RedHat Linux
added 2026/02/05 4:3 p.m.3 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS5.9AI score0.01633EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/01/21 10:45 p.m.17 views

CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

6.3CVSS0.0043EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/21 10:45 p.m.3 views

CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

6.3CVSS5.7AI score0.0043EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 10:40 p.m.4 views

EUVD-2026-4138

@backstage/cli-common has a possible resolveSafeChildPath Symlink Chain Bypass...

6.3CVSS5.4AI score0.0043EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 12:30 a.m.9 views

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

7.5CVSS6.8AI score0.00722EPSS
Exploits0References1
CVE
CVE
added 2023/08/07 12:0 a.m.92 views

CVE-2022-48579

CVE-2022-48579 affects UnRAR prior to version 6.2.3, enabling extraction of files outside the destination folder via symlink chains. Public sources in connected documents confirm vulnerable versions and indicate fixes/updates: e.g., UnRAR 6.2.3+ addresses the issue; Debian LTS advisory DLA-3535-1...

7.5CVSS7.4AI score0.00722EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/05/04 12:29 a.m.4 views

CVE-2018-10722

In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink...

7.8CVSS5.9AI score0.0055EPSS
Exploits1References1
Rows per page
Query Builder