We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the...

PT-2026-32556

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

CVE-2025-12805

CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator where Llama Stack services deployed in different namespaces can be accessed via direct network requests because no NetworkPolicy restricts the llama-stack service endpoint. This allows a user in one namespace to ...

LeakIX Search

This module uses the LeakIX API to search for exposed services and data leaks. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases. An API key is required free at https://leakix.net. Actions: SEARCH - Query LeakIX with a search string and scope...

EUVD-2025-208196

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVE-2026-23647

The CVE-2026-23647 advisory describes Glory RBG-100 recycler systems using the ISPK-08 software with hard-coded operating-system credentials embedded across multiple local accounts, including admin-privileged ones. An attacker with network access to exposed services (e.g., SSH) can authenticate u...

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

EUVD-2018-11900

Malware in sbrugna...

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

Known Indicators of Compromise Associated with Androxgh0st Malware

Actions to take today to mitigate malicious cyber activity: 1. Prioritize patching known exploited vulnerabilities in internet-facing systems. 2. Review and ensure only necessary servers and services are exposed to the internet. 3. Review platforms or services that have credentials listed in .env...

SYS.2.3.A17

Die Nutzung von Systemaufrufen SOLLTE insbesondere fuer exponierte Dienste und Anwendungen auf die unbedingt notwendige Anzahl beschraenkt werden z. B. durch seccomp. Die vorhandenen Standardprofile bzw. -regeln von SELinux, AppArmor sowie alternativen Erweiterungen SOLLTEN manuell ueberprueft un...

SYS.1.3.A16

Die Nutzung von Systemaufrufen SOLLTE insbesondere fuer exponierte Dienste und Anwendungen auf die unbedingt notwendige Anzahl beschraenkt werden. Die Standardprofile bzw. -regeln von z. B. SELinux, AppArmor SOLLTEN manuell ueberprueft und unter Umstaenden an die eigenen Sicherheitsrichtlinien...

U.S. Dept Of Defense: Unauthorized access to admin panel of the Questionmark Perception system at https://██████████

Summary: Due to the lack of access control, an anonymous attacker can compromise the administrator account on the Questionmark Perception system. Description: By using the service description which publicly accessible on the internet, and by bypassing the access control, an anonymous attacker can...

Top 5 Configuration Mistakes That Create Field Days for Hackers

Sometimes it’s the little things that lead to big consequences. When it comes to cybersecurity, hacks more often than not stem from minor missteps – or even completely preventable, obvious mistakes. Common security mistakes and overlooked misconfigurations can open the door for attackers to drop...

CVE-2019-1647 Cisco SD-WAN Solution Unauthorized Access Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...

CVE-2019-1647 Cisco SD-WAN Solution Unauthorized Access Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...

GHSA-RWG6-3FMJ-W4WX tkinter is malware

The tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

GHSA-894F-RW44-QRW5 mongose is malware

The mongose package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

CVE-2018-15386

A vulnerability in Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An...