
5 matches found

Github Security Blog
added 2 days ago | 8 views

Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge. Summary: Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

CVSS 9.9 | AI score 6.3
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/03/21 8:32 a.m. | 0 views

CVE-2026-4511 vanna-ai vanna legacy exec injection

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVSS 6.5 | AI score 5.4 | EPSS 0.00232
Exploits: 0 | References: 4
CVE
added 2026/03/21 8:32 a.m. | 15 views

CVE-2026-4511

CVE-2026-4511 affects vanna-ai up to version 2.0.2. The vulnerability targets the function exec in the file /src/vanna/legacy, enabling injection due to an underlying manipulation. The issue is exploitable remotely and has publicly disclosed exploit materials. Multiple CVE references corroborate ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00232
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-6236

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.0109
Exploits: 1 | References: 4
OSV
added 2022/08/10 8:15 p.m. | 4 views

AZL-10532 CVE-2022-30580 affecting package golang for versions less than 1.18.5-1

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

CVSS 7.8 | AI score 6.9 | EPSS 0.00578
Exploits: 0 | References: 1