Articles
Daily and weekly digests summarizing the vulnerabilities and incidents tracked by VulnWatch.
VulnWatch Daily: Agentic Frameworks Crisis & Local LLM UI Risks
28 entries · daily · Subscribers only
Critical sandbox escapes in PraisonAI and auth bypasses in SillyTavern dominate today's digest. MCP ecosystem and RAG platforms also show significant supply chain risks requiring immediate patching.
VulnWatch: NVIDIA Inference Stack Critical Flaws & AI Supply Chain Risks
16 entries · daily · Subscribers only
Critical authentication bypasses in NVIDIA Triton and deserialization risks in TRT-LLM dominate today's digest. Plus, new supply chain threats in Diffusers and agent tooling.
VulnWatch Daily: MCP RCE, Supply Chain Worms, and MLflow Risks
17 entries · daily · Subscribers only
Critical MCP RCEs and a renewed npm worm campaign dominate today's digest. MLflow and AutoGPT users must patch immediately to prevent agent compromise.
VulnWatch Weekly: MCP Security Crisis & Model Loading RCE Surge
102 entries · weekly
This week exposes critical risks in Model Context Protocol implementations, unsafe model deserialization in PyTorch/Diffusers, and agentic RCE chains. Immediate patching required for SOCFortress, ART, and Open WebUI.
VulnWatch Daily: Critical Agent RCE and Open WebUI Access Control Flaws
41 entries · daily · Subscribers only
41 new vulnerabilities reported today, including critical RCE in DeepSeek TUI and widespread access control failures in Open WebUI. Immediate patching recommended for AI agent frameworks.
VulnWatch Weekly: Agentic RCE Surge & LiteLLM Exploitation
99 entries · weekly
Critical RCEs plague agent platforms like FastGPT and PraisonAI. LiteLLM SQLi is actively exploited. Supply chain risks rise with PyTorch Lightning compromise.
VulnWatch Daily: Critical RCE Surges in AI Agent Sandboxes and Gateways
36 entries · daily · Subscribers only
36 vulnerabilities disclosed today highlight severe RCE risks in FastGPT, LiteLLM, and Open WebUI. Immediate patching recommended for agent platforms and model gateways to prevent compromise.
VulnWatch Daily: Supply Chain Compromises and Agentic SSRF Risks
15 entries · daily · Subscribers only
Critical supply chain compromises hit PyTorch Lightning while new SSRF vectors emerge in MCP servers. Plus, sandbox escapes in vm2 and widespread Copilot injection flaws.
VulnWatch Daily: Critical Agent RCE and Multi-Tenant Isolation Failures
11 entries · daily · Subscribers only
Eleven new vulnerabilities impact AI infrastructure today, including critical RCE in PraisonAI and multi-tenant isolation bugs in Axonflow. Immediate patching is recommended for model serving and agent frameworks.
VulnWatch Daily: Critical RCE in Agentic Frameworks and Ollama Memory Leaks
12 entries · daily · Subscribers only
Today's digest highlights critical command injection flaws in Evolver and PPTAgent, alongside high-severity memory leaks in Ollama. Platform teams should prioritize patching agent runtimes and reviewing file upload policies.
VulnWatch Daily: MCP RCE, Ollama Path Traversal, and LLM Data Leaks
3 entries · daily · Subscribers only
Today's digest covers critical supply-chain risks in MCP servers, path traversal in Ollama model transfers, and information disclosure in SmythOS connectors. Immediate patching and configuration reviews are advised.
Flowise Floods Critical RCEs; Agentic Frameworks Under Siege
51 entries · weekly
This week saw an unprecedented cascade of critical vulnerabilities in Flowise, alongside severe agentic bypasses in Paperclip and Gemini CLI. Immediate patching is required for LLM orchestration layers.