Articles
Daily digests summarizing the vulnerabilities and incidents tracked by VulnWatch.
-
· 10 entries · daily · Subscribers only
VulnWatch Daily: Critical Agent Escapes and Model Serving RCE
Today's digest highlights critical vulnerabilities in CodeWhale agents, vLLM model serving, and AnythingLLM. Immediate patching is recommended for agentic workflows.
-
· 19 entries · daily · Subscribers only
VulnWatch Daily: Critical Agent Control Bypasses and Twig RCE Cluster
19 new vulnerabilities reported today including active Langflow exploitation, critical MCP auth bypasses, and a massive cluster of Twig RCEs affecting AI rendering pipelines.
-
· 16 entries · daily · Subscribers only
VulnWatch: NVIDIA Inference Stack Critical Flaws & AI Supply Chain Risks
Critical authentication bypasses in NVIDIA Triton and deserialization risks in TRT-LLM dominate today's digest. Plus, new supply chain threats in Diffusers and agent tooling.
-
· 17 entries · daily · Subscribers only
VulnWatch Daily: MCP RCE, Supply Chain Worms, and MLflow Risks
Critical MCP RCEs and a renewed npm worm campaign dominate today's digest. MLflow and AutoGPT users must patch immediately to prevent agent compromise.
-
· 17 entries · daily · Subscribers only
VulnWatch Daily: Critical RCE in SGLang and ChromaDB; Mistral Supply Chain
Today's digest highlights critical RCE vulnerabilities in SGLang and ChromaDB, alongside a confirmed malicious dropper in the Mistral AI PyPI package. Immediate patching and supply chain verification are required.
-
· 102 entries · weekly
VulnWatch Weekly: MCP Security Crisis & Model Loading RCE Surge
This week exposes critical risks in Model Context Protocol implementations, unsafe model deserialization in PyTorch/Diffusers, and agentic RCE chains. Immediate patching required for SOCFortress, ART, and Open WebUI.
-
· 11 entries · daily · Subscribers only
VulnWatch Daily: Open WebUI Auth Bypasses and APM Supply Chain Risks
Today's digest highlights critical access control failures in Open WebUI and supply chain vulnerabilities in Microsoft APM. MLflow and AVideo also report high-severity issues.
-
· 41 entries · daily · Subscribers only
VulnWatch Daily: Critical Agent RCE and Open WebUI Access Control Flaws
41 new vulnerabilities reported today, including critical RCE in DeepSeek TUI and widespread access control failures in Open WebUI. Immediate patching recommended for AI agent frameworks.
-
· 9 entries · daily · Subscribers only
VulnWatch Daily: Agentic Auth Bypasses and CLI RCE Risks Surge
Critical MCP authorization flaws and local CLI RCE vulnerabilities dominate today's digest. Security teams must audit agent tooling and desktop clients immediately.
-
· 19 entries · daily · Subscribers only
VulnWatch Daily: Agentic Platform Risks & MCP Server Exposures
Critical vulnerabilities in JunoClaw and MCP servers highlight agentic security gaps. Enterprise copilots and inference engines also face injection and stability risks.
-
· 19 entries · daily · Subscribers only
VulnWatch Daily: Critical MCP RCEs and Auth Bypasses Flood AI Stack
May 11 brings critical flaws in MCP servers, MLflow, and Open WebUI. Immediate patching required for agentic frameworks and model serving platforms.
-
· 99 entries · weekly
VulnWatch Weekly: Agentic RCE Surge & LiteLLM Exploitation
Critical RCEs plague agent platforms like FastGPT and PraisonAI. LiteLLM SQLi is actively exploited. Supply chain risks rise with PyTorch Lightning compromise.
-
· 36 entries · daily · Subscribers only
VulnWatch Daily: Critical RCE Surges in AI Agent Sandboxes and Gateways
36 vulnerabilities disclosed today highlight severe RCE risks in FastGPT, LiteLLM, and Open WebUI. Immediate patching recommended for agent platforms and model gateways to prevent compromise.
-
· 11 entries · daily · Subscribers only
VulnWatch Daily: Critical Agent RCE and Multi-Tenant Isolation Failures
Eleven new vulnerabilities impact AI infrastructure today, including critical RCE in PraisonAI and multi-tenant isolation bugs in Axonflow. Immediate patching is recommended for model serving and agent frameworks.
-
· 19 entries · daily · Subscribers only
VulnWatch Daily: Critical MCP Server Flaws and Agent RCE Risks Surge
Today's digest highlights critical path traversal and prompt injection flaws in MCP servers and AI agents, including Langflow and SQLBot. Immediate patching is recommended for exposed instances.