CVE-2026-27598 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

EUVD-2025-202001

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through = 1.16.7...

CVE-2025-63008

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through = 1.16.7...

WordPress plugin WP ERP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin NitroPack versions = 1.16.7...

Gitea Git Fetch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...

Gitea < 1.16.7 Privilege Escalation Vulnerability

Gitea is prone to a privilege escalation vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

Gitea 安全漏洞

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea version 1.16.7 that stems from not escaping the git fetch remote...

CVE-2019-11291 RabbitMQ XSS attack via federation and shovel endpoints

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...