Sandbox escape in JetBrains YouTrack before 2025.3.131383 allows high-privileged users to execute arbitrary code on the server. The vulnerability affects all YouTrack versions prior to 2025.3.131383 and is classified as both an authentication bypass and server-side template injection (SSTI). EPSS scoring indicates 0% exploitation probability with no evidence of active exploitation or public POCs. Despite a CVSS score of 7.2, the requirement for high-level administrative privileges significantly constrains real-world attack surface to insider threats or compromised admin accounts.
Integer underflow in miniupnpd's SOAPAction header parser triggers out-of-bounds memory reads, enabling adjacent network attackers to crash UPnP-enabled routers or leak sensitive memory contents without authentication. Affects miniupnpd versions prior to 2.3.10. Vendor patch available via commit a0ee71e9fa66. CVSS 7.1 with adjacent network vector (AV:A) indicates attackers must be on the same local network segment as the vulnerable device. No active exploitation confirmed in CISA KEV at time of analysis.
Path traversal in ByteDance DeerFlow's bootstrap-mode custom-agent creation allows authenticated remote attackers to write arbitrary files outside intended directories. Affected versions prior to commit 2176b2b fail to validate agent names, enabling directory traversal sequences (../) or absolute paths to bypass containment controls. Successful exploitation achieves arbitrary file write subject to application process permissions, enabling configuration tampering, code injection, or denial of service. Vendor patch available via GitHub commit 2176b2b. EPSS data unavailable; not currently listed in CISA KEV. Publicly available exploit code exists (GitHub PR #2274 demonstrates vulnerability).
CSRF protection bypass in PAC4J authentication library allows remote attackers to forge state-changing requests without victim consent by exploiting hash collisions in Java's String.hashCode() function. Affects PAC4J 5.x before 5.7.10 and 6.x before 6.4.1, requiring victim interaction (visiting malicious site). EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. No active exploitation confirmed (not in CISA KEV). CERT-PL disclosed the vulnerability with vendor patches now available.