Monthly
Remote code execution in Metabase (open-source business intelligence platform) versions 1.54.0 through the fixed releases lets a user holding database-connection management rights run arbitrary code on the Metabase server. By pointing a Snowflake connection at an attacker-controlled server, a flaw in the bundled Snowflake JDBC driver writes attacker files anywhere on the host, overwriting one of Metabase's own driver files that later executes inside the Metabase process. There is no public exploit identified at time of analysis, but the vendor rates it CVSS 10.0 and a vendor security advisory (GHSA-r6x2-rchx-q9g9) confirms both the flaw and fixed versions.
Authenticated arbitrary file write in the Grav CMS Form plugin (versions before 9.1.8) allows attackers to plant PHP webshells in the web root by abusing the process.save.filename parameter. The filename is checked for path traversal before Twig rendering but never re-validated afterward, so traversal sequences reconstructed during template evaluation bypass the guard. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the flaw was disclosed by VulnCheck via a coordinated GitHub security advisory.
Arbitrary file write in yutu, a Go-based YouTube CLI and MCP server, lets any caller of the built-in `caption-download` MCP tool place attacker-controlled bytes at any filesystem path the yutu process can write to. The vulnerable `Caption.Download()` calls `os.Create()` on the caller-supplied `file` parameter, bypassing the `YUTU_ROOT` (`pkg.Root`/`os.OpenRoot`) confinement that every other caption write path enforces. Publicly available exploit code exists (a self-contained Docker PoC ships with the advisory); the flaw is not in CISA KEV and no active exploitation is reported, and the vendor has released a fixed version (0.10.9-dev1).
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.
External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to gain higher privileges on the host by controlling a file name or path used by the server engine. The CVSS 3.1 base score is 7.8 with high impact to confidentiality, integrity, and availability, and Microsoft has released a patch. There is no public exploit identified at time of analysis, and the CVE is not in CISA KEV.
GitLab API request redirection in zereight's mcp-gitlab (gitlab-mcp) MCP server lets attackers who control the job_id parameter escape the intended /jobs/ path prefix and reach arbitrary GitLab REST API endpoints under the operator's personal access token. Because the token is a bearer of the operator's full GitLab privileges, a crafted value such as '../../../user' resolves to /api/v4/user (or any other resource), turning a scoped job lookup into broad unauthorized data access. No public exploit was identified at time of analysis, and it is not listed in CISA KEV, but the flaw is trivially triggerable and was reported by VulnCheck with a vendor fix committed.
Authenticated arbitrary file write in OpenPLC Runtime v3 lets a logged-in user of the legacy web UI escalate to native code execution on the host running the automation controller. The program-upload workflow stores the attacker-supplied prog_file filename in the Programs.File database field and later reuses it unvalidated as a destination path; because Python os.path.join() honors absolute paths, files can be written anywhere the webserver process can write. Reported by ICS-CERT (CISA ICS advisory ICSA-26-190-01); no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary file overwrite in Coturn prior to 4.13.0 is possible through the CLI management interface's `psd` (print sessions dump) command, which passes a user-supplied filename directly to `fopen()` without any path validation (CWE-73). An authenticated admin with CLI access can overwrite any file writable by the coturn process, potentially corrupting sensitive system files, certificates, or configuration data to achieve privilege escalation or service disruption. No public exploit identified at time of analysis; exploitation is constrained to local, high-privilege access, limiting realistic threat surface despite the High integrity and availability impact ratings.
Arbitrary file access in JetBrains TeamCity before 2026.1.2 lets an authenticated user abuse the Perforce (P4) VCS integration to read files outside intended boundaries on the TeamCity server host. The flaw (CWE-73, external control of file name or path) was self-reported by JetBrains and is fixed in 2026.1.2; no public exploit identified at time of analysis, and it is not listed in CISA KEV. With PR:L in the CVSS vector, exploitation requires a low-privilege account that can define or influence a Perforce VCS root, making it a realistic post-authentication threat on shared CI servers.
Remote code execution in Metabase (open-source business intelligence platform) versions 1.54.0 through the fixed releases lets a user holding database-connection management rights run arbitrary code on the Metabase server. By pointing a Snowflake connection at an attacker-controlled server, a flaw in the bundled Snowflake JDBC driver writes attacker files anywhere on the host, overwriting one of Metabase's own driver files that later executes inside the Metabase process. There is no public exploit identified at time of analysis, but the vendor rates it CVSS 10.0 and a vendor security advisory (GHSA-r6x2-rchx-q9g9) confirms both the flaw and fixed versions.
Authenticated arbitrary file write in the Grav CMS Form plugin (versions before 9.1.8) allows attackers to plant PHP webshells in the web root by abusing the process.save.filename parameter. The filename is checked for path traversal before Twig rendering but never re-validated afterward, so traversal sequences reconstructed during template evaluation bypass the guard. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the flaw was disclosed by VulnCheck via a coordinated GitHub security advisory.
Arbitrary file write in yutu, a Go-based YouTube CLI and MCP server, lets any caller of the built-in `caption-download` MCP tool place attacker-controlled bytes at any filesystem path the yutu process can write to. The vulnerable `Caption.Download()` calls `os.Create()` on the caller-supplied `file` parameter, bypassing the `YUTU_ROOT` (`pkg.Root`/`os.OpenRoot`) confinement that every other caption write path enforces. Publicly available exploit code exists (a self-contained Docker PoC ships with the advisory); the flaw is not in CISA KEV and no active exploitation is reported, and the vendor has released a fixed version (0.10.9-dev1).
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.
External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to gain higher privileges on the host by controlling a file name or path used by the server engine. The CVSS 3.1 base score is 7.8 with high impact to confidentiality, integrity, and availability, and Microsoft has released a patch. There is no public exploit identified at time of analysis, and the CVE is not in CISA KEV.
GitLab API request redirection in zereight's mcp-gitlab (gitlab-mcp) MCP server lets attackers who control the job_id parameter escape the intended /jobs/ path prefix and reach arbitrary GitLab REST API endpoints under the operator's personal access token. Because the token is a bearer of the operator's full GitLab privileges, a crafted value such as '../../../user' resolves to /api/v4/user (or any other resource), turning a scoped job lookup into broad unauthorized data access. No public exploit was identified at time of analysis, and it is not listed in CISA KEV, but the flaw is trivially triggerable and was reported by VulnCheck with a vendor fix committed.
Authenticated arbitrary file write in OpenPLC Runtime v3 lets a logged-in user of the legacy web UI escalate to native code execution on the host running the automation controller. The program-upload workflow stores the attacker-supplied prog_file filename in the Programs.File database field and later reuses it unvalidated as a destination path; because Python os.path.join() honors absolute paths, files can be written anywhere the webserver process can write. Reported by ICS-CERT (CISA ICS advisory ICSA-26-190-01); no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary file overwrite in Coturn prior to 4.13.0 is possible through the CLI management interface's `psd` (print sessions dump) command, which passes a user-supplied filename directly to `fopen()` without any path validation (CWE-73). An authenticated admin with CLI access can overwrite any file writable by the coturn process, potentially corrupting sensitive system files, certificates, or configuration data to achieve privilege escalation or service disruption. No public exploit identified at time of analysis; exploitation is constrained to local, high-privilege access, limiting realistic threat surface despite the High integrity and availability impact ratings.
Arbitrary file access in JetBrains TeamCity before 2026.1.2 lets an authenticated user abuse the Perforce (P4) VCS integration to read files outside intended boundaries on the TeamCity server host. The flaw (CWE-73, external control of file name or path) was self-reported by JetBrains and is fixed in 2026.1.2; no public exploit identified at time of analysis, and it is not listed in CISA KEV. With PR:L in the CVSS vector, exploitation requires a low-privilege account that can define or influence a Perforce VCS root, making it a realistic post-authentication threat on shared CI servers.