CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

CVE-2026-42885

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

CVE-2026-42885 Audiobookshelf: Path prefix bypass in filesystem existence check leaks out-of-scope file existence

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

CVE-2026-33329 FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

CVE-2026-33329 FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

CVE-2026-33329

FileRise is affected by a path traversal in the resumableIdentifier used by the UploadModel::handleUpload() function. From version 1.0.1 up to but excluding 3.10.0, unsanitized paths allow an authenticated user with upload permission to write files to arbitrary directories, perform post-assembly ...

PT-2026-7322

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C260 version v1 Description A flaw exists in the firmware of the TP-Link Tapo C260 IP camera related to incorrect path restriction of the directory path name. Successful exploitation allows a remote attacker to gain unauthorized...

Ez Systems eZ Platform 安全漏洞

Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in Ez Systems eZ Publish Ibexa Kernel versions prior to 7.5.15.1, which stems from misuse of the /user/sessions endpoint to determine if an account...

PT-2022-1497 · Samba +9 · Samba +9

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.15.5 Description: The issue allows a malicious client to use a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. This can be...

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...