NuClide Research
Most recent
navigate open esc close Corpus index built 2026-06-07 23:58 UTC

§ Latest fieldwork

Discoveries

Featured incidents at the top, every survey, case, and coordinated disclosure below in date order. 482 items in the activity feed.

  • 0 Surveys (12mo)
  • 0 Cases (12mo)
  • 0 Disclosures (12mo)
  • 0 Total indexed
Case study · 2026-05-25 CRITICAL Flowise · Weaviate · blood donation data · Germany

A Flowise vector store exposes IT credentials and operational records from a German blood donation organization.

An unauthenticated Weaviate instance at gpt.sergogram.com holds 1,171 objects — internal IT documentation from blutspende.net, a German blood donation organization. Confirmed content: a plaintext server credential (IH-DBSERVER\operator Pw: operator), internal IP ranges, server names, BitLocker PIN conventions, and blood donation unit numbering tables. Flowise runs unauthenticated on both port 3000 and port 443. A second tenant's documents occupy the same instance.

Read the case

Cadence

Trailing 12 months

481 items · 482 indexed

Monthly publishing rate broken out by kind. Surveys are batched, cases trickle from engagements, disclosures fan out as operators respond.

MAX 460 07 25 08 25 09 25 10 25 11 25 12 25 01 26 02 26 03 26 04 26 460 05 26 21 06 26
Surveys Cases Disclosures

Activity feed

All work

24 of 482 shown

458 more items in the research and cases archives.