CVE-2023-54333: Unauthenticated SQL Injection in Social-Share-Buttons Plugin Leading to Full WordPress Database Compromise Vulnerabilities AegironJanuary 14, 2026January 14, 20268 mins0 SQL Injection Vulnerability — Full Database Compromise Risk Vulnerability Overview Executive Summary This vulnerability exists because the…continue reading..
CVE-2025-68472: Unauthenticated Path Traversal in MindsDB Leads to Arbitrary File Disclosure Vulnerabilities AegironJanuary 14, 2026January 14, 202613 mins0 CVE Name: CVE-2025-68472Product: MindsDB (AI training and inference platform)Severity: HighCVSS Score: ~8.8 (High)Exploitability: Easy — unauthenticatedExploit Available:…continue reading..
CVE-2025-14279: MLflow DNS Rebinding Attack Enables Silent ML Experiment Takeover Vulnerabilities AegironJanuary 14, 2026January 14, 202614 mins0 CVE: CVE-2025-14279Affected Product: MLflow Tracking Server (versions up to 3.4.0)CVSSv3 Score: 8.1 (High)Severity: HighExploitability: The flaw can…continue reading..
CVE-2022-50917: ProtonVPN Windows Service Misconfiguration Enables Local SYSTEM-Level Takeover Vulnerabilities AegironJanuary 14, 2026January 14, 20269 mins0 Unquoted Service Path Vulnerability (WireGuard Service) CVE ID: CVE-2022-50917Product: ProtonVPN Windows ClientAffected Component: ProtonVPN WireGuard Windows ServiceAffected…continue reading..
CVE-2025-68271: Critical Unauthenticated Remote Code Execution in OpenC3 COSMOS via JSON-RPC Eval Abuse Vulnerabilities AegironJanuary 14, 2026January 14, 202612 mins0 CVE: CVE-2025-68271Product: OpenC3 COSMOSAffected Versions: Versions between 5.0.6 up through 6.10.1Patched Version: 6.10.2 — use this version…continue reading..
CVE-2023-54330: Critical Remote Code Execution Flaw in Inbit Messenger Exposes Systems to Full Takeover Vulnerabilities AegironJanuary 14, 2026January 14, 20269 mins0 Vulnerability Type: Remote Stack-Based Buffer Overflow → Remote Code Execution (RCE) At-a-glance What this vulnerability is CVE-2023-54330…continue reading..
CVE-2023-54339: Critical Unauthenticated Remote Command Execution in Webgrind 1.1 Vulnerabilities AegironJanuary 14, 2026January 14, 202614 mins0 Unauthenticated Remote Command Execution (RCE)** At a Glance Executive Summary Webgrind 1.1 has a serious flaw in…continue reading..
CVE-2025-63314: Static Password Reset Token Enables Full Account Takeover in Acora CMS Vulnerabilities AegironJanuary 14, 2026January 14, 20268 mins0 Vulnerability Type: Authentication / Password Reset Logic FlawImpact: Full Account TakeoverSeverity: CriticalCVSS v3.1 Score: 10.0 (Critical)Attack Vector:…continue reading..
CVE-2025-46070 & CVE-2025-46066: Critical Automai Vulnerabilities Enable Remote Code Execution and Full Administrative Compromise Vulnerabilities AegironJanuary 14, 2026January 14, 20268 mins0 Vendor: AutomaiAffected Products: Automai BotManager, Automai DirectorAffected Version: 25.2.0Risk Level: CriticalAttack Surface: Network / Application / Privilege…continue reading..
CVE-2026-23478: Critical Authentication Bypass Allowing Full Account Takeover in Cal.com Vulnerabilities AegironJanuary 14, 2026January 14, 20268 mins0 Vulnerability Overview CVE ID: CVE-2026-23478Product: Cal.comVulnerability Type: Authentication Bypass / Authorization Logic FlawAffected Component: Custom NextAuth JWT…continue reading..
