LeakIX blog

12,000 Ollama Instances Exposed: When 'Local-First' Meets the Real World

Mon, 23 Feb 2026 09:00:00 +0000

Ollama is one of the most popular tools for running large language models locally. 100,000+ stars on GitHub, millions of downloads, the default choice for anyone who wants to self-host an LLM. There’s just one problem: it ships with no authentication, and the maintainers have made it clear they don’t plan to add any.

We found 12,269 Ollama instances exposed on the public internet with zero authentication. Anyone can list models, run inference, and in some cases exfiltrate proprietary fine-tuned weights.

SeleniumGreed: The RCE That Was Always There

Sat, 21 Feb 2026 14:00:00 +0000

TL;DR

Every Selenium Grid instance deployed with Firefox nodes is vulnerable to unauthenticated remote code execution. Not “was” - is. The technique was reported to Selenium in May 2021. Their response: better documentation and an optional basic auth flag. The actual vulnerability was never patched and works on every Grid version through 4.40.0 (the latest release at the time of writing).

Chrome had a similar issue via binary override, patched in Grid 4.11.0. Wiz Research focused their 2024 SeleniumGreed paper on Chrome. They missed Firefox entirely - and that’s the one that still works everywhere.

We wrote a unified Metasploit module that auto-detects available browsers and picks the best attack vector. Firefox preferred, Chrome as fallback.

What We Found Scanning the Internet in 2026

Mon, 09 Feb 2026 12:00:00 +0000

One of our scans recently picked up an open vector database. Inside: over a hundred pages of internal documents related to uranium mining operations. No authentication, no access control - just a Qdrant instance sitting on the public internet with indexed, searchable documents about one of the most sensitive industries on the planet.

That’s the kind of thing we find now. Here’s how we got here.

Using their own weapons for defense - A SharePoint story

Wed, 23 Jul 2025 07:00:00 +0000

Exploring our adventure while building detection for SharePoint exploitation and vulnerability.

Vinchin Backup & Recovery: CVE-2024-22899 to CVE-2024-22903

Thu, 25 Jan 2024 21:23:33 +0100

Default SSH Root Credentials (CVE-2024-22902)
Hardcoded Database Credentials and Configuration Flaw (CVE-2024-22901)
Post-Authentication Remote Code Execution (RCE)
Exploitation Methods
- A. Webdriver Chrome Simulation:
- B. curl Method (using setNetworkCardInfo as example):
Deep Dive into the setNetworkCardInfo Function Vulnerability (CVE-2024-22900)
Deep Dive into the syncNtpTime Function Vulnerability (CVE-2024-22899)
Deep Dive into the deleteUpdateAPK Function Vulnerability (CVE-2024-22903)
Deep Dive into the getVerifydiyResult Function Vulnerability (CVE-2024-25228)
Full Exploit Chain

Introduction:

Vinchin Backup and Recovery is a leading data protection solution employed by large enterprises and is extensively utilized across diverse environments, including virtual, physical, and cloud platforms. While its vast feature set caters to the diverse needs of these big corporations, it is not immune to security vulnerabilities. A meticulous analysis has recently exposed a series of critical flaws that can present significant risks to its users. For more details on their product and offerings, you can visit their official website at vinchin.com.

CVE-2023-20273: IOS XE root priv escalation

Tue, 31 Oct 2023 23:20:00 +0000

On the 28th of October the exploit for CVE-2023-20198 was released by SECUINFRA after being captured on one of their honeypots.

While it enables full admin control of IOS, the question still remained about the implantation of the backdoor.

CVE-2023-45498: RCE in VinChin Backup

Sun, 15 Oct 2023 20:20:00 +0000

Update 2023-11-03: The issue has been fixed in version 7.2.

Vulnerability research

At LeakIX we analyse new vulnerabilities discovered by other researchers every day.

Our goal is to understand them, discover non-intrusive ways to detect them and provide our customers with a list of vulnerable assets.

While researching what others have already found is always an exciting challenge and provides valuable experience, it was time for us to go through the research and disclosure process first hand and get our first CVE on the board.

Cybersecurity and Social Media

Mon, 17 Jul 2023 20:20:00 +0000

Introduction

In the world of cybersecurity, we combat threats and unethical practices that extend beyond malware or phishing attacks. Our battlegrounds include social media platforms, where integrity, authenticity, and honesty are just as critical as they are in the coding and development of our products. Today, we want to shine a light on a pressing issue threatening our digital ethics: the trend of buying likes and retweets.

What we know about the China Leak

Thu, 07 Jul 2022 11:00:00 +0000

In this quick blog post we’ll see what LeakIX has indexed over this incident.

D-LINK DIR-842 Rev-B privilege escalation

Mon, 06 Jun 2022 17:00:00 +0000

In this quick blog post we’ll see how to enable Telnet on your DIR-842 rev-b

Bypassing NTLM auth over HTTP

Sun, 06 Mar 2022 17:00:00 +0000

Exploring the so-called NTLM ANONYMOUS_LOGON user through HTTP endpoints.

How we remotely identify Cisco's RV34X versions

Tue, 15 Feb 2022 17:00:00 +0000

A quick research into remotely identifying Cisco’s RV43Xs

Introducing LeakIX Graph

Fri, 21 Jan 2022 06:30:00 +0000

Take a look at our new mapping feature, visualize and make sense of Internet resources in a blink !

LeakIX tutorial

Thu, 25 Nov 2021 14:30:00 +0000

Cristi made us a tutorial video!

Go check it out and learn about filters and reports !

LeakIX Firefox Addon

Thu, 25 Nov 2021 13:30:00 +0000

An experimental Firefox extension for LeakIX has landed !

Releasing LeakIX v2

Wed, 06 Oct 2021 13:30:00 +0000

After weeks of developement and testing we’re proud to announce the release of LeakIX v2 !

LeakIX goes open source

Thu, 17 Dec 2020 13:30:00 +0000

We’re releasing a good part of the toolset we use for our indexing service to the community !

Learn more about how to use them in this post.

Managing resources and alerts

Wed, 28 Oct 2020 20:57:00 +0000

You can now add real-time monitoring on your resources and get notified by email!

New search and host details page

Sun, 25 Oct 2020 15:00:00 +0000

The old ugly host details page was sure useful, but let’s face it, it was unreadable

LeakIX user account

Sun, 25 Oct 2020 14:30:00 +0000

The index is now limited to the public, we’ll explore the limitations and how you can lift them !

Exploring Grafana dashboards

Thu, 15 Oct 2020 23:20:00 +0000

This new plugin looks for open Grafana dashboards and provides a summary.

BanqueAtlantique.net, what your config reveals

Sat, 10 Oct 2020 16:21:00 +0000

When you ask for config files nicely …

… you might as well get some!

Introduction: the "dataset" field

Thu, 08 Oct 2020 14:30:00 +0000

Searching datasets based on size and row count is now as easy as it sounds !

Hello !

Thu, 08 Oct 2020 11:00:00 +0000

Introducing … the blog

Search

Mon, 01 Jan 0001 00:00:00 +0000