91 matches found
CVE-2026-31882
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...
CVE-2026-31886
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...
PT-2026-25364
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...
CVE-2026-27598
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint (POST /api/v1/dags) does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
Dagu path traversal vulnerability
Dagu is an open-source workflow engine developed by Dagu Workflow Engine. Versions of Dagu 1.16.7 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the CreateNewDAG API endpoint not verifying the DAG name properly. As a result, authenticated users could...
CVE-2026-2536
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes XML external entity reference. The attack may be...
EUVD-2026-6126
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes XML external entity reference. The attack may be...
JFlow code issue vulnerability
JFlow is a low-code BPM development platform open-sourced by Jinan Chicheng opencc in China. Versions of JFlow dated 20260129 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the File parameter in the function ImpDone within the Workflow Engine...
PT-2026-8312
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes XML external entity reference. The attack may be...
PT-2026-3870
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions prior to 3.6.17 and prior to 3.7.8. Description: Argo Workflows contains a stored cross-site scripting (XSS) issue in the artifact directory listing. This allows a workflow author to execute arbitrary JavaScript in another...
CVE-2026-1010
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...
CVE-2026-1010
CVE-2026-1010 is a stored XSS vulnerability in the Altium Workflow Engine caused by missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data, and when an administrator views the affected workflow, the ...
CVE-2026-1010 Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...
PT-2026-3143
Name of the Vulnerable Software and Affected Versions: Altium Workflow Engine (affected versions not specified). Description: A stored cross-site scripting (XSS) issue exists because of insufficient server-side input sanitization within workflow form submission APIs. An authenticated user can inject...