ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.

Research
•2025-07-17
•12 min read
The Security Bug That's in 73% of Codebases (Including Yours)
GitLab lost $760M. McDonald's leaked 64 million applications. We analyzed the authorization crisis plaguing modern software and found the same vulnerability class in 73% of codebases. Here's why IDORs are the new SQL injection.

ZeroPath Security Research

Research
•2024-10-29
•15 min read
Autonomous Discovery of Critical Zero-Days
Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.

Raphael Karger

Research
•2024-08-24
•10 min read
Critical RCE Vulnerability in UpTrain
ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.

Nathan Hrncirik

Research
•2024-08-24
•10 min read
Command Injection Vulnerability in Clone-Voice Project
Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.

Nathan Hrncirik, Raphael Karger

Research
•2024-08-24
•8 min read
Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)
Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.

Nathan Hrncirik

Research
•2024-08-24
•12 min read
LibrePhotos Arbitrary File Upload + Path Traversal PoC
ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.

Nathan Hrncirik