Tag

Argument Injection

3 briefs RSS

Gogs Zero-Day Vulnerability Enables Remote Code Execution

An unpatched argument injection vulnerability in Gogs (versions 0.14.2 and 0.15.0+dev) allows authenticated attackers to achieve remote code execution (RCE) on vulnerable instances, potentially leading to complete server compromise.

exploited Gogs 0.14.2 +1 rce zero-day argument injection

2r 1t 5c 3w ago

high advisory

exiftool-vendored Argument Injection Vulnerability

2 rules 1 TTP

exiftool-vendored is vulnerable to argument injection (CVE-2026-43893) via newline characters in tag names, potentially allowing attackers to read or write files accessible to the ExifTool process by injecting arguments through caller-supplied strings.

exiftool-vendored argument-injection exiftool cve-2026-43893

2r 1t Jan 3, 2024

critical advisory

Gotenberg ExifTool Argument Injection via Metadata Values

2 rules 1 TTP

Gotenberg version 8.30.1 and earlier is vulnerable to argument injection, where an unauthenticated attacker can inject arbitrary ExifTool pseudo-tags via newline characters in metadata values, leading to arbitrary file manipulation within the container filesystem.

Gotenberg <= 8.30.1 argument-injection vulnerability container

2r 1t Jan 2, 2024