#rce

This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used to attack people. Every day, there's a new story that shows how quickly things are

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.5 ATTENTION: Exploitable remotely Vendor: Opto 22 Equipment: GRV-EPIC-PR1, GRV-EPIC-PR2, groov RIO Vulnerability: Improper Neutralization of Special Elements used in an OS Command 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of GRV Programmable Logic Controllers are affected: GRV-EPIC-PR1 Firmware: Versions prior to 4.0.3 GRV-EPIC-PR2 Firmware: Versions prior to 4.0.3 groov RIO GRV-R7-MM1001-10 Firmware: Versions prior to 4.0.3 groov RIO GRV-R7-MM2001-10 Firmware: Versions prior to 4.0.3 groov RIO GRV-R7-I1VAPM-3 Firmware: Versions prior to 4.0.3 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows rem...

### Summary The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the `?module` query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a template literal without proper sanitization. An attacker can inject malicious JavaScript code using `${...}` expressions within CSS files, which will execute when the module is imported by victim applications. This enables Cross-Site Scripting (XSS) in browsers and Remote Code Execution (RCE) in Electron applications. **Root Cause:** The CSS module conversion logic (`router.go:1112-1119`) performs incomplete sanitization - it only checks for backticks (\`) but fails to escape template literal expressions (`${...}`), allowing arbitrary JavaScript execution when the CSS content is inserted into a template literal string. ### Details **File:** `server/router.go` **Lines:** 1112-1119 ...

### Summary The esm.sh CDN service is vulnerable to a Path Traversal (CWE-22) vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths (e.g., `package/../../tmp/evil.js`). When esm.sh downloads and extracts this package, files may be written to arbitrary locations on the server, escaping the intended extraction directory. Uploading files containing `../` in the path is not allowed on official registries (npm, GitHub), but the `X-Npmrc` header allows specifying any arbitrary registry. By setting the registry to an attacker-controlled server via the `X-Npmrc` header, this vulnerability can be triggered. ### Details **file:** `server/npmrc.go` **line:** 552-567 ```go func extractPackageTarball(installDir string, pkgName string, tarball io.Reader) (err error) { pkgDir := path.Join(installDir, "node_modules", pkgName) tr := tar.NewReader(unziped) for { h, err := tr.Next...

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025. "The specific flaw exists

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary code with application privileges.  This issue affects all current versions. Users are recommended to upgrade to version 3.5.0, which fixes the issue.

Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.

Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: METZ CONNECT Equipment: EWIO2 Vulnerabilities: Authentication Bypass by Primary Weakness, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Unrestricted Upload of File with Dangerous Type, Path Traversal: '.../...//', Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and control the device remotely or perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS METZ CONNECT reports that the following products are affected: METZ CONNECT Firmware (<2.2.0) installed on METZ CONNECT Hardware EWIO2-M: All versions METZ CONNECT Firmware (<2.2.0) installed on METZ CONNECT Hardware EWIO2-M-BM: All versions METZ CONNECT Firmware (<2.2.0) installed on METZ CONNECT Hardware EWIO2-BM: All versions 3.2 Vulnerability Overview 3.2.1 AUTHENTI...

### Summary An authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ (v4.0.13 and prior) allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. ### Details The vulnerability exists in the `save` method within the `src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php` controller. This method handles the saving of application-wide configuration settings. It retrieves all submitted form data as an associative array via `$request->get('edit')`. The core of the issue is that while the *values* of this array are processed, the *keys* are trusted implicitly and are not sanitized or validated. **File:** `src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php` ```php...