6 matches found
CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...
PT-2025-33666 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.2.4. Description: NamelessMC is a website software for Minecraft servers. A cross-site scripting (XSS) issue exists in NamelessMC before version 2.2.4, allowing authenticated attackers to inject arbitrary web scrip...
UBUNTU-CVE-2025-46807
An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service. This issue affects sslh before 2.2.4...
cosign security vulnerability
cosign is a tool for container signing, verification, and storage in an OCI registry in the United States. A security vulnerability exists in versions prior to cosign 2.2.4 that originates from a maliciously crafted software artifact that may cause a denial of service on a computer running Cosign...
GHSA-3V7G-4PG3-7R6J OS Command injection in Apache Airflow
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
Symantec VIP Access for Desktop DLL Load Native Code Execution Vulnerability
Symantec VIP Access for Desktop is a suite of online account security protection software from Symantec. A security vulnerability exists in versions of Symantec VIP Access for Desktop prior to 2.2.4. An attacker could exploit the vulnerability to run an external executable file...