arbitrary code execution
Coverage of arbitrary code execution in the Nexus archive.
- Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has patched a critical security vulnerability (CVSS 10) in the Gemini CLI npm package and GitHub Actions workflow, which could have enabled unprivileged attackers to execute arbitrary code on host systems by injecting malicious configuration content.
- Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
Google addressed a critical remote code execution (RCE) vulnerability in its AI-based Antigravity Tool. The flaw, a prompt injection vulnerability in an agentic AI product for filesystem operations, stemmed from a sanitization issue enabling sandbox escape and arbitrary code execution.