CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

CVE-2026-42885 Audiobookshelf: Path prefix bypass in filesystem existence check leaks out-of-scope file existence

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

PT-2026-7322

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C260 version v1 Description A flaw exists in the firmware of the TP-Link Tapo C260 IP camera related to incorrect path restriction of the directory path name. Successful exploitation allows a remote attacker to gain unauthorized...

PT-2022-1497 · Samba +9 · Samba +9

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.15.5 Description: The issue allows a malicious client to use a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. This can be...

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...