4 matches found
CVE-2026-27783
CVE-2026-27783 affects Gitea versions up to 1.26.1. The vulnerability arises because the issue_templates, issue_config, and issue_config/validate endpoints do not enforce repository-unit authorization, allowing callers with any repository unit (e.g., Issues) to read Code-tree files from the repos...
CVE-2026-3474 EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 1.6.3. This is due to the action function in the TemplateData class passing user-supplied input from the 'emailkit-editor-templat...
CVE-2025-44830
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface...
Gin-Vue-Admin 路径遍历漏洞
Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin development. A path traversal vulnerability exists in Gin-Vue-Admin versions before 2.5.5, which stems from a security issue in the downloadTemplate, ExportExcel interfaces, resulting in a path traversal...