CVE-2025-69285: Unauthenticated File Upload in SQLBot Allows Silent Database Overwrite Vulnerabilities AegironJanuary 22, 2026January 22, 20269 mins0 Unauthenticated File Upload Leading to Database Overwrite Vulnerability Overview CVE ID: CVE-2025-69285Affected Product: SQLBotVulnerability Type: Missing Authentication…continue reading..
CVE-2026-22849: Saleor Stored XSS Flaw Enabling Silent Token Theft and Admin Session Takeover Vulnerabilities AegironJanuary 22, 2026January 22, 20269 mins0 CVE ID: CVE-2026-22849Product: Saleor (e-commerce platform)Vulnerability Type: Stored Cross-Site Scripting (XSS)Impact Focus: Authentication token theft, session hijackingCVSS…continue reading..
CVE-2026-22807: Pre-Authentication Remote Code Execution via Unsafe Model Loading in vLLM Vulnerabilities AegironJanuary 22, 2026January 22, 202611 mins0 CVE ID: CVE-2026-22807Affected Component: vLLM (model loading / auto_map resolution)Vulnerability Type: Unsafe model loading leading to Remote…continue reading..
Critical Seroval Vulnerabilities Expose Servers to Remote Takeover and Denial-of-Service Attacks Vulnerabilities AegironJanuary 22, 2026January 22, 20268 mins0 Product Security Overview Product Name: SerovalProduct Type: Server-side JavaScript–based application framework / service runtimeDeployment Models Affected: On-premise,…continue reading..
CVE-2026-23960: Stored XSS in Argo Workflows Enables Browser-Based Privilege Abuse Vulnerabilities AegironJanuary 22, 2026January 22, 20269 mins0 Vulnerability Overview CVE ID: CVE-2026-23960Product: Argo WorkflowsVulnerability Type: Stored Cross-Site Scripting (Stored XSS)Impact Category: Privilege Abuse /…continue reading..
Critical CVAT Vulnerabilities Enable Full Admin Takeover and Silent Session Hijacking Vulnerabilities AegironJanuary 22, 2026January 22, 20269 mins0 Product overview Product: CVAT (Computer Vision Annotation Tool)Category: Web-based data annotation platform for images and videosTypical usage:…continue reading..
CVE-2026-22822: Critical External Secrets Operator Flaw Enabling Cross-Namespace Secret Theft Vulnerabilities AegironJanuary 22, 2026January 22, 20269 mins0 CVE-2026-22822 — External Secrets Operator Cross-Namespace Secret Disclosure CVE: CVE-2026-22822Affected Product: External Secrets Operator (ESO)Severity: CriticalCVSS Score:…continue reading..
CVE-2025-56005: Critical Remote Code Execution via Unsafe Pickle Deserialization in PLY Vulnerabilities AegironJanuary 22, 2026January 22, 202611 mins0 CVE: CVE-2025-56005Name: Unsafe picklefile deserialization in PLY yacc()CVSS Score: 9.8 (Critical)Severity: CriticalExploitability: Remote code execution via untrusted…continue reading..
CRYPTOGRAPHIC TRUST FAILURE: Critical SM2 Vulnerabilities Enable Key Theft, Signature Forgery, and Authentication Bypass Vulnerabilities AegironJanuary 22, 2026January 22, 20268 mins0 sm-crypto – SM2 Cryptographic Implementation Failures Product & Component Details (At a Glance) Field Value Product sm-crypto…continue reading..
CVE-2026-23518: Critical JWT Authentication Bypass Enables Rogue Windows Device Enrollment in Fleet Vulnerabilities AegironJanuary 22, 2026January 22, 202613 mins0 CVE-2026-23518 Overview CVE Identifier: CVE-2026-23518Severity: CriticalCVSS v4 Base Score: 9.3 – very high severityPrimary Affected Component: Fleet…continue reading..
