20 matches found
CVE-2026-27598 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
EUVD-2025-202001
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through <= 1.16.7...
CVE-2025-63008
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through <= 1.16.7...
CVE-2025-63008 WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through <= 1.16.7...
WordPress plugin WP ERP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2024-43922
Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection. This issue affects NitroPack: from n/a through 1.16.7...
CVE-2024-43922
Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection. This issue affects NitroPack: from n/a through 1.16.7...
WordPress plugin NitroPack security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin NitroPack versions <= 1.16.7...
Gitea Git Fetch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...
Gitea < 1.16.7 Privilege Escalation Vulnerability
Gitea is prone to a privilege escalation vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
CVE-2022-30781 affects Gitea prior to 1.16.7. The issue arises from improper escaping in the git fetch remote during repository migration, enabling remote command execution. Public details confirm a Git fetch remote code path as the root cause and that versions before 1.16.7 are vulnerable; mitig...
Gitea security vulnerability
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea version 1.16.7 that stems from not escaping the git fetch remote...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7 (BZ1938071). Security Fixes: golang: net: lookup functions may return invalid host names (CVE-2021-33195)...
Security fix for the ALT Linux 10 package golang version 1.16.7-alt1
1.16.7-alt1 built Aug. 12, 2021 Alexey Shabalin in task 282290 Aug. 9, 2021 Alexey Shabalin - New version 1.16.7. - Fixes: + CVE-2021-36221...
Google Kubernetes API Server Resource Management Error Vulnerability
Google Kubernetes is an open source Docker container cluster management system from Google. The system provides resource scheduling, deployment, service discovery, and scaling functions for containerized applications. API server is one of the API (Application Programming Interface) server. A resourc...
CVE-2019-11291 RabbitMQ XSS attack via federation and shovel endpoints
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...
PT-2019-6093 · Pivotal +3 · Rabbitmq +2
Name of the Vulnerable Software and Affected Versions: Pivotal RabbitMQ versions 3.7.x prior to 3.7.21; Pivotal RabbitMQ versions 3.8.x prior to 3.8.1; RabbitMQ for Pivotal Platform versions 1.16.x prior to 1.16.7; RabbitMQ for Pivotal Platform versions 1.17.x prior to 1.17.4. Description: The issue ...