Back
Or_Peles_headshot1.jpg

Or Peles

JFrog Senior Security Researcher

Or is a Senior Security Researcher at JFrog Security, specializing in vulnerability research. With over 17 years of experience and strong reverse engineering expertise, he focuses on discovering and exploiting zero-day vulnerabilities in applications and operating systems. Earlier in his career, he was a member of IBM’s X-Force team, conducting vulnerability research.

The Latest From Or Peles

  • Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients
    | 12 min read

    The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 - a critical (CVSS 9.6) security vulnerability in the mcp-remote project - a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted…

    Read More  

  • Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats
    | 15 min read

    In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services. In this post, we will again dive…

    Read More  

  • Machine Learning Bug Bonanza – Exploiting ML Services
    | 18 min read

    JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered…

    Read More