3 links tagged with all of: vulnerabilities + security + command-injection
Links
Researchers have identified multiple severe security flaws in the Coolify self-hosting platform, including command injection vulnerabilities that could allow attackers to execute arbitrary code and gain root access. Users are urged to update to fixed versions immediately, as around 52,890 instances are currently exposed.
The article details eight vulnerabilities in Claude Code that allow arbitrary command execution without user approval. It explains how flaws in the permission model and regex blocklists can be exploited through various commands like `man`, `sort`, and `git`. Each method demonstrates a different oversight in command argument filtering.
TP-Link has issued a warning about two critical command injection vulnerabilities in its Omada gateway devices, which could allow attackers to execute arbitrary OS commands. One vulnerability, CVE-2025-6542, has a critical severity rating of 9.3 and can be exploited remotely without authentication, while the other, CVE-2025-6541, requires user authentication. Users are urged to apply firmware updates to mitigate these risks, along with two additional severe flaws affecting the same devices.