Articles
Daily digests summarizing the vulnerabilities and incidents tracked by VulnWatch.
- 28 entries · daily · Subscribers only
VulnWatch Daily: Agentic Frameworks Crisis & Local LLM UI Risks
Critical sandbox escapes in PraisonAI and auth bypasses in SillyTavern dominate today's digest. MCP ecosystem and RAG platforms also show significant supply chain risks requiring immediate patching.
- 17 entries · daily · Subscribers only
VulnWatch Daily: Critical RCEs in AI Agents and Build Pipelines
Today's digest highlights critical remote code execution risks in Langroid, BentoML, and Langflow, alongside a significant cluster of Symfony framework vulnerabilities affecting enterprise integrations.
- 17 entries · daily · Subscribers only
VulnWatch Daily: MCP RCE, Supply Chain Worms, and MLflow Risks
Critical MCP RCEs and a renewed npm worm campaign dominate today's digest. MLflow and AutoGPT users must patch immediately to prevent agent compromise.
- 102 entries · weekly
VulnWatch Weekly: MCP Security Crisis & Model Loading RCE Surge
This week exposes critical risks in Model Context Protocol implementations, unsafe model deserialization in PyTorch/Diffusers, and agentic RCE chains. Immediate patching required for SOCFortress, ART, and Open WebUI.
- 41 entries · daily · Subscribers only
VulnWatch Daily: Critical Agent RCE and Open WebUI Access Control Flaws
41 new vulnerabilities reported today, including critical RCE in DeepSeek TUI and widespread access control failures in Open WebUI. Immediate patching recommended for AI agent frameworks.
- 9 entries · daily · Subscribers only
VulnWatch Daily: Agentic Auth Bypasses and CLI RCE Risks Surge
Critical MCP authorization flaws and local CLI RCE vulnerabilities dominate today's digest. Security teams must audit agent tooling and desktop clients immediately.
- 19 entries · daily · Subscribers only
VulnWatch Daily: Agentic Platform Risks & MCP Server Exposures
Critical vulnerabilities in JunoClaw and MCP servers highlight agentic security gaps. Enterprise copilots and inference engines also face injection and stability risks.
- 19 entries · daily · Subscribers only
VulnWatch Daily: Critical MCP RCEs and Auth Bypasses Flood AI Stack
May 11 brings critical flaws in MCP servers, MLflow, and Open WebUI. Immediate patching required for agentic frameworks and model serving platforms.
- 99 entries · weekly
VulnWatch Weekly: Agentic RCE Surge & LiteLLM Exploitation
Critical RCEs plague agent platforms like FastGPT and PraisonAI. LiteLLM SQLi is actively exploited. Supply chain risks rise with PyTorch Lightning compromise.
- 36 entries · daily · Subscribers only
VulnWatch Daily: Critical RCE Surges in AI Agent Sandboxes and Gateways
36 vulnerabilities disclosed today highlight severe RCE risks in FastGPT, LiteLLM, and Open WebUI. Immediate patching recommended for agent platforms and model gateways to prevent compromise.
- 15 entries · daily · Subscribers only
VulnWatch Daily: Supply Chain Compromises and Agentic SSRF Risks
Critical supply chain compromises hit PyTorch Lightning while new SSRF vectors emerge in MCP servers. Plus, sandbox escapes in vm2 and widespread Copilot injection flaws.
- 19 entries · daily · Subscribers only
VulnWatch Daily: Critical MCP Server Flaws and Agent RCE Risks Surge
Today's digest highlights critical path traversal and prompt injection flaws in MCP servers and AI agents, including Langflow and SQLBot. Immediate patching is recommended for exposed instances.
- 30 entries · weekly
Langflow Floods, MCP Risks, and Ollama Windows RCE
This week saw a cascade of vulnerabilities in IBM Langflow, critical RCE risks in Ollama for Windows, and emerging threats in the Model Context Protocol ecosystem. Security teams must prioritize patching agentic frameworks and securing local AI deployments.
- 12 entries · daily · Subscribers only
VulnWatch Daily: Critical RCEs in Gemini CLI, Ray, and LiteLLM Proxy
Critical RCEs impact Gemini CLI and Ray pipelines. LiteLLM faces SQLi and SSTI. LangChain SSRF and Stripe webhook bypasses are also featured. Immediate patching recommended for CI/CD and serving layers.
- 24 entries · daily · Subscribers only
VulnWatch Daily: Flowise Critical Swarm and Agentic RCE Risks
April 23, 2026: Critical RCE in Paperclip, 18+ CVEs in Flowise, and agentic consent bypasses demand immediate patching and network isolation.