10 matches found
CVE-2026-8770
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
EUVD-2026-30715
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
CVE-2026-8770
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
Continue 路径遍历漏洞
“Continue” is an open-source AI code review tool that can enforce checks during CI processes. Versions of “continue” prior to 1.2.22 contain a path traversal vulnerability. This vulnerability stems from the function “lsTool” in the component’s JSON-RPC Server, where the function “lsTool” processe...
CVE-2026-1056
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
CVE-2026-1056
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
CVE-2026-1056 Snow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
PT-2026-5121
Name of the Vulnerable Software and Affected Versions Snow Monkey Forms versions up to and including 12.0.3 Description The Snow Monkey Forms plugin for WordPress is susceptible to arbitrary file deletion. Insufficient file path validation within the generate user dirpath function allows...
VietPHP _functions.php dirpath Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/25226/info VietPHP is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
CVE-2006-1363
images.php in Justin White aka YTZ Free Web Publishing System FreeWPS 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file...