CVE-2026-24779: High-Risk SSRF Flaw in vLLM Lets Attackers Slip Past Host Restrictions Using Crafted URLs Vulnerabilities AegironJanuary 31, 2026January 31, 20269 mins0 CVE-2026-24779 — vLLM SSRF via Host Restriction Bypass CVE: CVE-2026-24779Product: vLLMAffected Versions: vLLM versions prior to 0.14.1Vulnerability…continue reading..
CVE-2026-24770: Critical RAGFlow MinerU Zip Slip Flaw Enables Remote Code Execution via Malicious ZIP Uploads Vulnerabilities AegironJanuary 31, 2026January 31, 202611 mins0 CVE-2026-24770 CVE ID: CVE-2026-24770Product: RAGFlow – MinerU ingestion componentAffected Versions: All versions ≤ 0.23.1Vulnerability Type: Zip Slip…continue reading..
CVE-2026-24765: Silent PHPUnit Test Runs Can Turn CI Pipelines into a Code-Execution Trap Vulnerabilities AegironJanuary 31, 2026January 31, 20269 mins0 CVE-2026-24765 – Unsafe Deserialization Leading to Code Execution in PHPUnit CVE ID: CVE-2026-24765Component: PHPUnit – PHPT Code…continue reading..
CVE-2026-24747: “Trusted” PyTorch Model Files Can Trigger Memory Corruption and Lead to Remote Code Execution Vulnerabilities AegironJanuary 31, 2026January 31, 202613 mins0 CVE-2026-24747 – PyTorch Memory Corruption via Pickle Leading to Potential RCE CVE ID: CVE-2026-24747Severity: HighCVSS v3.1 Score:…continue reading..
CVE-2026-24741: High-Severity ConvertX Flaw Lets Attackers Delete Arbitrary Server Files via Simple Path Traversal Vulnerabilities AegironJanuary 31, 2026January 31, 20268 mins0 Vulnerability Overview CVE ID: CVE-2026-24741Product: ConvertXAffected Versions: All versions prior to 0.17.0Fixed Version: 0.17.0 and laterSeverity: HighCVSS…continue reading..
CVE-2026-24740: Breaking Dozzle Flaw Allows Low-Privilege Users to Bypass Container Isolation and Spawn Unauthorized Root Shells Vulnerabilities AegironJanuary 31, 2026January 31, 20269 mins0 Vulnerability Overview CVE ID: CVE-2026-24740Affected Product: Dozzle (Container Log Viewer with Shell/Exec capability)Affected Versions: All versions below…continue reading..
Critical Flaws Expose SolarWinds Web Help Desk to Silent Takeover and Full System Compromise Vulnerabilities AegironJanuary 31, 2026January 31, 20267 mins0 SolarWinds Web Help Desk Product: SolarWinds Web Help DeskApplication Stack: Java (JVM), Embedded Web Server, Backend APIsTrust…continue reading..
Grafana Hit by High-Risk Vulnerabilities Enabling Privilege Escalation and Service Disruption Vulnerabilities AegironJanuary 31, 2026January 31, 20269 mins0 Product Overview Grafana is a widely used open-source observability and visualization platform. It enables organizations to build…continue reading..
175,000 Ollama AI Servers Found Exposed Online, Raising Global Security Concerns Uncategorized CyberDefenderJanuary 30, 2026January 30, 20264 mins0 A joint investigation by SentinelOne’s SentinelLABS and Censys has uncovered approximately 175,000 publicly accessible Ollama AI server…continue reading..
New Critical SmarterMail Vulnerability Allows Attackers to Take Over Mail Servers Without Authentication CyberSecurity News CyberDefenderJanuary 30, 2026January 30, 20267 mins0 CVE-2026-24423 is a critical unauthenticated remote code execution (RCE) vulnerability in SmarterTools SmarterMail.The flaw exists in an…continue reading..
