motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
Mise's local credential_command executes untrusted config
Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository
mise HTTP backend uses raw version path for install symlink destination
OctoPrint has possible file exfiltration via query parameters on upload endpoints
Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration
Budibase has anonymous NoSQL operator injection via published-app query templates
AVideo has an incomplete fix of CVE-2026-33482: sanitizeFFmpegCommand still allows a single '&' (background operator), giving OS command execution at the same execAsync sh -c sink
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
OpenAM Unauthenticated Session Hijacking via Information Exposure in CDCServlet
OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC
OctoPrint has XSS in its Suppressed Command Notifications
Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API
Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Gogs: LFS dedupe path leaks private repo content across tenants
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym
Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion
Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES