Gogs patches critical zero-day enabling remote code execution
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). […]
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). […]
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek.
Warten auf Sicherheitspatch: Self-hosted-Git-Service Gogs ist verwundbarAlertheise Security Quelle: Heise Security Ticker
Eine kritische Sicherheitslücke lässt Angreifer Gogs-Server per Pull-Request vollständig kompromittieren. Einen Patch gibt es bisher nicht. (Sicherheitslücke, Server)
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. […]
One of LEGO’s coolest sets gets a rare price reduction.
n8n supply chain attack Malicious npm pagackages were used to attempt to obtain user OAUTH credentials for NPM. https://www.endorlabs.com/learn/n8mare-on-auth-street-supply-chain-attack-targets-n8n-ecosystem Gogs 0-Day Exploited in the Wild An at the time unpachted flaw in Gogs was exploited to compromise git repos. https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit Telegram Proxy Link Abuse Telegram proxy links have been abused to deanonymize users https://x.com/GangExposed_RU/status/2009961417781457129