25 matches found
CVE-2026-8770
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
CVE-2026-8770 continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
PT-2026-41589
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
CVE-2026-34070
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...
CVE-2026-34070
CVE-2026-34070 affects LangChain Core prior to 1.2.22, where multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injections. An attacker could read arbitrary host files whe...
Exploit for CVE-2026-34070
I Found a Path Traversal Bug in LangChain That Could Leak Your...
WordPress VK Google Job Posting Manager plugin <= 1.2.22 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin VK Google Job Posting Manager versions <= 1.2.22...
Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin
On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...
EUVD-2025-26728
Malicious code in bioql PyPI...
CVE-2025-9517
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...
CVE-2025-9516
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...
CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...
CVE-2025-9516
CVE-2025-9516 affects the atec Debug WordPress plugin (versions ≤ 1.2.22). An authenticated attacker with Administrator-level access can read arbitrary files via the custom_log parameter, exposing contents outside the intended directory. Red Hat and CVE listings corroborate this file-read impact,...
PT-2025-35866
Name of the Vulnerable Software and Affected Versions: atec Debug plugin for WordPress versions prior to 1.2.23 Description: The atec Debug plugin for WordPress is susceptible to an arbitrary file read issue. This allows authenticated attackers with Administrator-level access or higher to view th...
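Three of the entries above (the continue lsTool dirPath traversal, the LangChain prompt-loading path injection, and the atec Debug customlog file read) share one root cause: a caller-controlled path is joined onto a base directory and used without checking that the result still lies inside that base. The block below is an added example, not code from any of those projects; the workspace root /srv/workspace and the request strings are constructed for illustration. It shows the naive join, the common "prefix check" mistake, and a containment check that rejects both "../" escapes and absolute-path injection.

```python
import posixpath

# Constructed workspace root for the example; a real tool takes this from config.
WORKSPACE_ROOT = "/srv/workspace"


def resolve_naive(root: str, dir_path: str) -> str:
    """Vulnerable pattern: join the caller's path onto the root and normalise.

    posixpath.join discards the root entirely when dir_path is absolute, and
    normpath happily collapses "..", so both "/etc/passwd" and "../../etc/passwd"
    resolve to locations outside root.
    """
    return posixpath.normpath(posixpath.join(root, dir_path))


def resolve_prefix_bug(root: str, dir_path: str):
    """Half-fix that still escapes: a bare string-prefix test.

    "/srv/workspace2/x" starts with "/srv/workspace", so a sibling directory
    whose name merely extends the root's name is accepted.
    """
    base = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(base, dir_path))
    return candidate if candidate.startswith(base) else None


def resolve_contained(root: str, dir_path: str):
    """Lexical containment check: the result must be root or a descendant of it.

    Returns the resolved path, or None when the request would leave the root.
    Comparing against base + "/" closes the sibling-directory hole above.
    This is purely lexical; if root may contain symlinks, apply
    os.path.realpath to both sides before comparing (not done here because the
    example runs against constructed paths that do not exist on disk).
    """
    base = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(base, dir_path))
    if candidate == base or candidate.startswith(base.rstrip("/") + "/"):
        return candidate
    return None


def triage(root: str, requests):
    """Run a batch of requested dir paths through the containment check.

    Returns a dict mapping each request to the resolved path or None,
    which is what an audit log for such a tool should record.
    """
    return {req: resolve_contained(root, req) for req in requests}


if __name__ == "__main__":
    # Constructed request strings modelled on what a JSON-RPC or config
    # deserialiser might hand to a directory-listing or file-loading tool.
    sample = ["src/tools", ".", "../../etc/passwd", "/etc/passwd", "../workspace2/x"]
    for req, resolved in triage(WORKSPACE_ROOT, sample).items():
        print(f"{req!r:24} naive={resolve_naive(WORKSPACE_ROOT, req)!r:22} "
              f"contained={resolved!r}")
```

The three functions take the same inputs, so the difference in their return values for the constructed requests is the whole point: the naive join returns "/etc/passwd" for both the relative and the absolute attack string, the prefix check lets "../workspace2/x" through, and only the containment check returns None for every escape while still accepting "src/tools" and ".".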
CVE-2024-11195
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress plugin Email Subscription Popup cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...