15091 matches found

NVD
added 2025/08/22 5:15 p.m., 2 views

CVE-2025-57771

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

CVSS 8.1, EPSS 0.00255
Exploits: 0, References: 2
Cvelist
added 2025/08/22 4:35 p.m., 9 views

CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

CVSS 8.1, EPSS 0.00255
Exploits: 0, References: 2
CVE
added 2025/08/22 4:35 p.m., 13 views

CVE-2025-57771

CVE-2025-57771 affects Roo Code prior to 3.25.5. The flaw lies in the command parsing for auto-execute commands, where process substitution and single ampersand handling can be bypassed, allowing an attacker who can submit crafted prompts to cause arbitrary commands to run alongside the intended ...

CVSS 8.1, AI score 7.4, EPSS 0.00255
Exploits: 0, References: 2
OSV
added 2025/08/22 4:35 p.m., 6 views

CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

CVSS 8.1, AI score 7.7, EPSS 0.00255
Exploits: 0, References: 4
Vulnrichment
added 2025/08/22 4:35 p.m., 3 views

CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

CVSS 8.1, AI score 8, EPSS 0.00255
Exploits: 0, References: 2
NVD
added 2025/08/22 4:15 p.m., 5 views

CVE-2025-38658

In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails. Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem: nvmet_req_init() calls __nvmet_req_complete() internally upon failure, e.g.,...

CVSS 5.5, EPSS 0.00027
Exploits: 0, References: 2
CVE
added 2025/08/22 4:01 p.m., 22 views

CVE-2025-38658

Summary (CVE-2025-38658): In the Linux kernel nvmet PCIe target, a failure path in nvmet_req_init() could cause a command to be completed twice (one via __nvmet_req_complete() -> queue_response, and another via nvmet_pci_epf_exec_iod_work()), potentially sending two completions to the host an...

CVSS 5.5, AI score 6.8, EPSS 0.00027
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2025/08/22 4:01 p.m., 5 views

CVE-2025-38658 nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails

In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails. Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem: nvmet_req_init() calls __nvmet_req_complete() internally upon failure, e.g.,...

CVSS 5.5, AI score 6.4, EPSS 0.00027
Exploits: 0, References: 5
Positive Technologies
added 2025/08/22 12:00 a.m., 2 views

PT-2025-34449 · Robocode · Robocode

Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.25.5 Description: Roo Code, an AI-powered autonomous coding agent, does not correctly process process substitution and single ampersand characters within its command parsing logic for auto-execute commands. If a...

CVSS 8.1, AI score 8.3, EPSS 0.00255
Exploits: 0, References: 7
Cvelist
added 2025/08/21 8:13 p.m., 8 views

CVE-2010-20007 Seagull FTP v3.3 Build 409 Stack Buffer Overflow

Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly...

CVSS 8.5, EPSS 0.16281
Exploits: 0, References: 6
CVE
added 2025/08/21 7:37 p.m., 27 views

CVE-2025-3128

CVE-2025-3128 affects Mitsubishi Electric smartRTU. A remote unauthenticated attacker can bypass authentication via a specific API route to execute arbitrary OS commands, leading to disclosure, tampering, destruction of data, or DoS. Documents consistently state remote command-injection risk with...

CVSS 9.8, AI score 7, EPSS 0.00073
Exploits: 0, References: 2
OSV
added 2025/08/21 3:25 p.m., 1 view

MAL-2025-41427 Malicious code in @navancorp/ta-travel (npm)

Source: ghsa-malware 475cb3266e9f473c951bb35f87e31b76f08d312ee1916977eb7a125f339f7b7a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/08/21 3:18 a.m., 3 views

Malicious code in catflix (npm)

Source: ghsa-malware d0f682b0d66f1100534a823b754c3bc096ac54a5142489698fc5589813699d9e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1
CNNVD
added 2025/08/21 12:00 a.m., 2 views

AVEVA PI Integrator code issue vulnerability

AVEVA PI Integrator is a business analysis tool from AVEVA UK. AVEVA PI Integrator has a code issue vulnerability that could allow an authenticated attacker to upload and execute files...

CVSS 7.1, AI score 7, EPSS 0.00092
Exploits: 0, References: 3
OSV
added 2025/08/20 7:09 p.m., 5 views

GHSA-GGJM-F3G4-RWMM n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact: A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the...

CVSS 6.5, AI score 7.2, EPSS 0.00177
Exploits: 0, References: 5
Github Security Blog
added 2025/08/20 7:09 p.m., 12 views

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact: A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the...

CVSS 6.5, AI score 7.2, EPSS 0.00177
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/08/20 5:15 p.m., 3 views

CVE-2025-8612

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.3, AI score 6.1
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/20 12:00 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jq (SUSE-SU-2025:02915-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02915-1 advisory. - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) Tenable has extracted the...

CVSS 8.7, AI score 6.7, EPSS 0.00588
Exploits: 1, References: 4
OSV
added 2025/08/19 12:56 p.m., 2 views

SUSE-SU-2025:02915-1 Security update for jq

This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)...

CVSS 8.7, AI score 6.7, EPSS 0.00588
Exploits: 1, References: 3
RedhatCVE
added 2025/08/18 4:31 a.m., 3 views

CVE-2024-8393

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

CVSS 6.6, AI score 8, EPSS 0.00127
Exploits: 0, References: 1