10 matches found
FreeBSD : rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation (0f3342e3-73ba-11f1-910d-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0f3342e3-73ba-11f1-910d-3c7c3fba4204 advisory. https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a...
CVE-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...
CVE-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...
CVE-2026-49980
Summary of risks and remediation for CVE-2026-49980 : Rclone 1.46.0 through 1.74.3 is vulnerable to unauthenticated command execution via rcd --rc-serve. An unauthenticated GET/HEAD request to paths like /[remote:path]/object can cause the remote value to be parsed and used during backend initial...
rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation
https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a command-line program to sync files and directories to and from different cloud storage providers.From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of...
Rclone 1.46.x < 1.74.3 Unauthenticated Command Execution
The version of Rclone installed on the remote host is 1.46.x prior to 1.74.3. It is, therefore, affected by an unauthenticated command execution vulnerability: - rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form /remote:path/object. The remote value is parse...
GHSA-QW24-GH76-8RVV Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Summary rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: text /remote:path/object The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during...
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Summary rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: text /remote:path/object The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during...
EUVD-2026-3296
Mailpit has a Server-Side Request Forgery SSRF via HTML Check API...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the inlineRemoteCSS function during the HTML email analysis process. An attacker can cause the server to make arbitrary HTTP requests to external resources by supplying crafted HTML emails containing...