No one wants to be pwned by a drive-by RCE

A Berlin startup has disclosed a remote-code-execution (RCE) vulnerability and a wormable cross-site-scripting (XSS) flaw in Pling, which is used by various Linux desktop theme marketplaces.…

The text above is a summary, you can read full article here.