
13 matches found

Microsoft CVE
Added 2026/05/29 8:08 a.m., 8 views

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory

...

CVSS 9.1 | AI score 5.4 | EPSS 0.00467
Exploits: 0
CVE
Added 2026/05/08 1:38 p.m., 11 views

CVE-2026-44340

PraisonAI prior to 4.6.37 does not validate member.linkname or reject symlink/hardlink archive members in _safe_extractall, and calls tar.extractall(dest_dir) without a data filter. A bundle could contain a symlink inside dest_dir with a linkname outside it, followed by a file path traversing the...

CVSS 8.7 | AI score 5.9 | EPSS 0.00433
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
Added 2026/02/04 7:35 p.m., 26 views

CVE-2026-24884 Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...

CVSS 8.4 | EPSS 0.00266
Exploits: 1 | References: 3
CVE
Added 2026/02/04 7:35 p.m., 13 views

CVE-2026-24884

The CVE-2026-24884 vulnerability affects the npm package compressing (versions ≤ 1.10.3 and 2.0.0) where TAR extraction of symbolic links is performed without validating link targets. This can allow an attacker to cause subsequent archive entries to be written to arbitrary locations on the host f...

CVSS 8.4 | AI score 5.6 | EPSS 0.00266
Exploits: 1 | References: 3 | Affected Software: 1
Github Security Blog
Added 2026/02/03 5:42 p.m., 7 views

Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing Brief Introduction The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an...

CVSS 8.4 | AI score 5.8 | EPSS 0.00266
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
Added 2026/02/03 12:00 a.m., 5 views

PT-2026-6407

Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing Brief Introduction The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an...

CVSS 8.4 | AI score 5.8 | EPSS 0.00266
Exploits: 1 | References: 6
Tenable Nessus
Added 2025/12/22 12:00 a.m., 11 views

AlmaLinux 8 : python39:3.9 (ALSA-2025:23530)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts don't...

CVSS 9.4 | AI score 6.8 | EPSS 0.01437
Exploits: 14 | References: 14
Debian CVE
Added 2023/08/07 12:00 a.m., 24 views

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

CVSS 7.5 | AI score 7.5 | EPSS 0.00722
Exploits: 0
OSV
Added 2023/07/25 8:15 p.m., 0 views

UBUNTU-CVE-2023-37460

Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.0207
Exploits: 1 | References: 5
Vulnrichment
Added 2022/09/14 12:00 a.m., 7 views

CVE-2022-36113 Extracting malicious crates can corrupt arbitrary files

Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

CVSS 4.6 | AI score 8.4 | EPSS 0.00817
Exploits: 0 | References: 2
NVD
Added 2021/08/10 11:15 p.m., 12 views

CVE-2021-38511

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...

CVSS 7.5 | EPSS 0.01392
Exploits: 1 | References: 2
seebug.org
Added 2018/01/29 12:00 a.m., 41 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution

Summary: The vulnerability is that dlp_policy_upload.cgi allows the upload of a zip file, located statically as: /var/dlppolicy.zip. The problem is that we can then get that file extracted using admindlp.cgi. This gets extracted into 2 locations: - /engptnstores/prod/sensorSDK/data/ -...

AI score 7.3
Exploits: 0
Packet Storm
Added 2017/04/20 12:00 a.m., 76 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution

!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance /opt/TrendMicro/MinorityReport/bin/ Then, all we do is create /engptnstores/prod/sensorSDK/data/si/dlpkill.sh with malicious code and get it executed... Notes: ====== - For this particular PoC, all I did was exec a bind shell using...

AI score 0.3 | EPSS 0.0245
Exploits: 5