
11 matches found

The Hacker News
added 2026/05/29 10:30 a.m. · 10 views

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a...

5.9 AI score
Exploits: 0

NVD
added 2026/05/07 5:15 p.m. · 9 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8 CVSS · 0.00036 EPSS
Exploits: 1 · References: 2

CVE
added 2026/05/07 4:11 p.m. · 17 views

CVE-2026-7415

The CVE-2026-7415 vulnerability affects the MQTT broker embedded in Yarbo firmware v2.3.9. The broker is configured to allow anonymous connections with no topic-level read/write ACLs, enabling any host on the same network to subscribe to sensitive telemetry topics or publish control messages dire...

9.8 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2026/05/07 4:11 p.m. · 31 views

CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8 CVSS · 0.00036 EPSS
Exploits: 1 · References: 2

ATTACKERKB
added 2026/05/07 4:11 p.m. · 5 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits: 1 · References: 3

Veracode
added 2026/01/13 7:58 a.m. · 6 views

Authentication Bypass

Ollama is vulnerable to an Authentication Bypass. The vulnerability arises because critical model management APIs are exposed without access controls, allowing remote attackers to perform unauthorized operations without authentication...

9.8 CVSS · 7.1 AI score · 0.00123 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

RedhatCVE
added 2025/05/23 3:17 a.m. · 3 views

CVE-2023-23327

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...

4.9 CVSS · 6.5 AI score · 0.00204 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/08/22 12:0 a.m. · 2 views

PT-2024-28670 · Avtec · Avtec Outpost

Name of the Vulnerable Software and Affected Versions: Avtec Outpost, affected versions not specified
Description: The issue concerns the storage of sensitive information in an insecure location without proper access controls in place.
Recommendations: At the moment, there is no information about ...

8.7 CVSS · 6.8 AI score · 0.00161 EPSS
Exploits: 0 · References: 5

OSV
added 2023/03/10 10:15 p.m. · 1 view

CVE-2023-23327

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...

4.9 CVSS · 5.8 AI score
Exploits: 0 · References: 2

CNNVD
added 2021/12/16 12:0 a.m. · 2 views

Knime Server security vulnerability

A security vulnerability exists in Knime, the Swiss company's enterprise software for putting data science workflows into production, which stems from the fact that when an administrator password is saved in a file without file access controls, its contents can be read by all local users. No...

5.5 CVSS · 5.5 AI score · 0.00049 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2020/02/11 12:0 a.m. · 2 views

The vulnerability of the Database Gateway for ODBC component of the Oracle Database Server allows a hacker to gain full control over the application.

The vulnerability of the Oracle Database Server ODBC driver’s database server lies in its lack of access control mechanisms. Exploiting this vulnerability allows an attacker to gain full control over the application through the OracleNet network protocol...

6 CVSS · 6.1 AI score · 0.0035 EPSS
Exploits: 0 · References: 3 · Affected Software: 1