Gogs has Path Traversal in organization name that results in RCE through Git hooks
-
Updated
Jul 2, 2026
Gogs has Path Traversal in organization name that results in RCE through Git hooks
The new vuln of Magento has a Arbitary file upload/Remote code execution conditions.
An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the database.
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore.
Gorse < 0.5.10 contains an authentication bypass caused by empty admin_api_key in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty admin_api_key configuration.
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value.
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
Add a description, image, and links to the thecodeb0ss topic page so that developers can more easily learn about it.
To associate your repository with the thecodeb0ss topic, visit your repo's landing page and select "manage topics."