Authentication bypass in Zitadel identity platform (versions 3.0.0-3.4.11 and 4.0.0-4.15.1) allows an attacker who has obtained a victim's authorization code, refresh token, or device authorization grant to redeem it under a different OAuth client registered on the same instance, because the server fails to validate the client_id binding required by RFC 6749 §4.1.3. No public exploit identified at time of analysis; CVSS 7.4 with high attack complexity reflects the requirement that the attacker first intercept the code or token through a separate weakness such as XSS, log exposure, or referrer leakage.
Local privilege escalation in ANSSI's DFIR-ORC versions 10.2.7 and prior allows a low-privileged local user to gain administrator rights by planting a malicious DLL in C:\Windows\Temp, which the tool loads automatically when extracted and executed from that shared directory. The flaw is a classic uncontrolled search path (CWE-427) issue and was reported by INCIBE; no public exploit identified at time of analysis and the CVE is not in CISA KEV. The vendor has shipped a fix in DFIR-ORC v10.3.0, which adds ACL hardening on extraction directories.
Server-Side Request Forgery in the CF7 to Webhook WordPress plugin (versions up to and including 5.0.0) allows unauthenticated attackers to coerce the WordPress server into issuing arbitrary outbound HTTP requests through the pull_the_trigger functionality. Exploitation is conditional on an administrator configuring the webhook URL with a Contact Form 7 field placeholder inside the host portion of the URL, with the form publicly reachable. No public exploit identified at time of analysis, and there is no CISA KEV listing for this vulnerability.
Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write files outside the intended directory by manipulating attachment filenames processed during encrypted PDF generation. Files can be placed in web-accessible locations, enabling potential webshell deployment and integrity compromise. No public exploit identified at time of analysis; the issue was reported by NCSC.ch and is fixed in 15.0.5.
Missing authorization in Kirby CMS lets authenticated users read the full content and metadata of pages they are not permitted to access via the /api/site/find REST route. It affects sites where a user role has the pages.access permission disabled (through user blueprints, model blueprint options, or a combination), on Kirby <= 4.9.3 and 5.0.0-alpha.1 through 5.4.3. No public exploit identified at time of analysis; the flaw is read-only and cannot be used for write access, and the CVSS 4.0 vector rates confidentiality impact High (score 7.1).
Information disclosure in PraisonAI before 1.5.115 allows authenticated agents to read other agents' system prompts and conversation history by exploiting missing uniqueness enforcement on agent identifiers in the MultiAgentLedger component. An attacker who can register an agent with a colliding ID receives the same ledger instance as the victim, breaking tenant isolation in multi-agent deployments. No public exploit identified at time of analysis, though the upstream GHSA advisory (GHSA-766v-q9x3-g744) publishes a working proof-of-concept demonstrating the collision.
Agent impersonation in Woodpecker CI 3.0.0 through 3.14.0 allows any authenticated agent to assume the identity of any other agent on the same server by injecting a forged agent_id into outgoing gRPC metadata. The server validates the JWT correctly but then trusts the client-supplied agent_id over the cryptographically verified one, enabling cross-tenant job hijacking and integrity compromise of CI pipelines. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Heap out-of-bounds write in OpenEXR 3.4.0 through 3.4.11 lets an attacker who supplies a crafted HTJ2K-compressed EXR file trigger memory corruption during decoding, via an integer overflow in the HTJ2K decoder ht_undo_impl(). Any application that decodes untrusted EXR images using the affected OpenEXRCore library is at risk, with potential for memory corruption and possible code execution. No public exploit has been identified at time of analysis; EPSS risk is low (0.17%, 7th percentile) and CISA SSVC rates exploitation as none.
Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform users to crash the host by abusing the AddAudioToVideoBlock and StepThroughItemsBlock workflow components. By looping MediaDurationBlock through unbounded StepThroughItemsBlock iterations against URLs that trigger screenshots, attackers fill the working directory with undeleted temporary media files until disk space is exhausted. No public exploit identified at time of analysis, and EPSS data was not supplied.
Database-resource exhaustion in UBB.threads forum software (confirmed in version 7.7.5) allows an authenticated low-privileged user to deny service to the entire application by issuing concurrent profile-view requests. The flaw, reported by CERT-PL and tracked as CWE-405 (Asymmetric Resource Consumption), produces high availability impact (CVSS 4.0 VA:H, 7.1) with no confidentiality or integrity loss. There is no public exploit identified at time of analysis and the vulnerability is not on the CISA KEV list.
Stored cross-site scripting in Cotonti 1.0.0 (master branch, commit f43f1fc3) lets an authenticated user inject HTML/JavaScript into Personal File Storage (PFS) folder titles, which then execute in any viewer's browser when the folder listing is rendered. The flaw stems from the 'TXT' import filter not encoding HTML combined with unescaped template output, and no public exploit identified at time of analysis. Discovered by TuranSec; impact extends to other users browsing public folders, enabling session theft or account actions in their context.
Arbitrary code execution as root on the host running Docker MCP Gateway via argument injection in the `docker run` command line. A malicious OCI image author can craft an `io.docker.server.metadata` label that YAML-unmarshals into runtime-shaping fields of the `catalog.Server` struct, causing the gateway to append attacker-chosen flags like `-v /:/host` and `-u root` when launching the MCP server container. No public exploit identified at time of analysis, but the upstream advisory describes a full exploitation path.