The new vuln of Magento has a Arbitary file upload/Remote code execution conditions.
-
Updated
Jul 6, 2026
The new vuln of Magento has a Arbitary file upload/Remote code execution conditions.
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore.
Gorse < 0.5.10 contains an authentication bypass caused by empty admin_api_key in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty admin_api_key configuration.
Gogs has Path Traversal in organization name that results in RCE through Git hooks
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value.
Add a description, image, and links to the thecodeb0ss topic page so that developers can more easily learn about it.
To associate your repository with the thecodeb0ss topic, visit your repo's landing page and select "manage topics."