CVE-2026-25643 Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

GHSA-GG64-XXR9-QHJP Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

EUVD-2025-206887

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-64111

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-64111

Summary: CVE-2025-64111 affects Gogs prior to 0.13.4 and 0.14.0+dev, where an insufficient patch for CVE-2024-56731 lets an attacker update files in the .git directory via the API router and achieve remote code execution (RCE). Documents confirm the root cause relates to UpdateRepoFile checks inv...

CVE-2025-64111 Gogs's update .git/config file allows remote command execution

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

Malicious code in gridifies (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5b003711060bdfd51eddae8b2ec6fc00313aee8bb480e9017b5ad5d03dbf567c Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

PT-2026-6745

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.14.0+dev Description Gogs, a self-hosted Git service, is affected by a critical remote code execution RCE issue. This issue allows attackers to rewrite the .git/config file via an API, potentially...

PT-2026-6784

Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.16.4 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. A critical Remote Command Execution RCE issue exists in the Frigate integration with go2rtc. The...

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 CVSS score: 9.4, is the result of inadequate sanitization that bypasse...

Edimax EW-7438RPn-v3 Mini 操作系统命令注入漏洞

The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan, China. Version 1.27 of the Edimax EW-7438RPn-v3 Mini has a vulnerability related to operating system command injection. This vulnerability stems from remote command execution at the /goform/mp endpoint,...

CVE-2026-25049 n8n Has an Expression Escape Vulnerability Leading to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

Maltrail <=0.54 Username Parameter - Remote Command Execution

Maltrail versions =0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. id: CVE-2025-34073 info: name: Maltrail =0.54 Username Parameter - Remote Command Execution author: SeungAh-Hong severity: critical...

GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

Group Office 操作系统命令注入漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...

openssh: potential command injection via shell metacharacters

A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters...

OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

Two related vulnerabilities existed in the macOS application's SSH remote connection handling CommandResolver.swift: Details The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...

GHSA-Q284-4PVR-M585 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

Two related vulnerabilities existed in the macOS application's SSH remote connection handling CommandResolver.swift: Details The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...