Container-to-host privilege escalation in Docker/moby daemon allows a malicious container image to execute arbitrary code as host root when a user uploads a compressed (xz or gzip) archive into the container via `PUT /containers/{id}/archive` or `docker cp -`. The daemon resolves the decompression binary (e.g., `unpigz`, `xz`) from the container's filesystem rather than the host's, so a trojanized binary baked into the image runs with daemon privileges. No public exploit identified at time of analysis, and the issue is not in the CISA KEV catalog.
Path traversal in steipete/summarize prior to 0.15.1 lets authenticated callers of the /v1/summarize daemon endpoint write slide_*.png and slides.json files to arbitrary directories by supplying an absolute path or traversal sequences in the slidesDir parameter, and subsequently delete matching files via repeat extraction. The flaw, reported by VulnCheck and patched in v0.15.2, enables file write and limited destructive impact across the filesystem; no public exploit identified at time of analysis.
Authenticated session hijacking in Significant Gravitas AutoGPT versions 0.6.36 through 0.6.50 allows any logged-in user to take over another user's session via an IDOR flaw in the PATCH /sessions/{session_id}/assign-user endpoint. An attacker who can guess or otherwise learn a target session_id can reassign that session to themselves, read its conversation contents, and lock the legitimate owner out. No public exploit identified at time of analysis, and the issue is fixed in 0.6.51 per the upstream GHSA-q58p-v9r9-7gqj advisory.
Denial of service in MongoDB Server 7.0, 8.0, and 8.2 allows authenticated remote attackers to crash the database by inserting documents that trigger updates to a maliciously created '2dsphere_bucket' or 'queryable_encrypted_range' index on a non-timeseries bucket collection. The flaw stems from a reachable assertion (CWE-617) and is reported by MongoDB itself with a vendor patch available; no public exploit identified at time of analysis.
Denial of service in M-Files Server versions prior to 26.5.16015.0, 26.2 LTS, and 25.8 LTS SR3 allows an authenticated remote attacker to crash the MFserver process, disrupting document management services for all connected users. The flaw is reachable over the network with low privileges and no user interaction, but has no impact on confidentiality or integrity. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.