arbitrary code execution
Coverage of arbitrary code execution in the Nexus archive.
- Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra is urging customers to apply updates to address a critical security vulnerability in the Classic Web Client that could allow arbitrary code execution via stored cross-site scripting (XSS). The flaw could enable malicious scripts to run in user sessions through specially crafted emails and has not yet been assigned a CVE identifier.
- Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has patched a critical security vulnerability (CVSS 10) in the Gemini CLI npm package and GitHub Actions workflow, which could have enabled unprivileged attackers to execute arbitrary code on host systems by injecting malicious configuration content.
- Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
Google addressed a critical remote code execution (RCE) vulnerability in its AI-based Antigravity Tool. The flaw, a prompt injection vulnerability in an agentic AI product for filesystem operations, stemmed from a sanitization issue enabling sandbox escape and arbitrary code execution.