EUVD-2026-33800
In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45594
In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Universal Tool Calling Protocol OS Command Injection Vulnerability
Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained a vulnerability related to operating system command injection. This vulnerability stemmed from the substituteutcpargs method...
Universal Tool Calling Protocol Security Vulnerability
Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained security vulnerabilities; these vulnerabilities stemmed from the prepareenvironment method passing complete environment...
Universal Tool Calling Protocol Code Issue Vulnerability
Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol had code vulnerabilities, which stemmed from inconsistent trust boundaries and could lead to man-in-the-middle server request forgery...
OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing
Tool-calling text-to-image T2I agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...
CVE-2026-43153
A flaw was found in the Linux kernel's XFS filesystem. The xfs_attr_leaf_hasname function has a problematic calling convention that can lead to incorrect buffer handling. This issue can result in the use of already released memory buffers, potentially causing memory corruption or system instability....
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix the calling convention for prep_slave_sg. The calling convention for prep_slave_sg requires returning NULL in case of an error, along with logging an error to the system. However, qcom-ad...
Your Agent Is More Brittle Than You Think: Uncovering Indirect Injection Vulnerabilities in Agentic LLMs
The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose severe security challenges. Specifically, Indirect Prompt...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-19045)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial of service vulnerability exists in multiple Apple products, which is caused by improper input...
CVE-2026-2275
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...
Security Vulnerability in Multiple Apple Products
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial of service vulnerability exists in multiple Apple products, which is caused by improper input...
Cisco Unified Communications Manager (CUCM) Remote Code Execution (cisco-sa-voice-rce-mORhqY4b)
According to its self-reported version, the remote Cisco Unified Communications Manager is affected by a remote code execution vulnerability: - A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco...
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications CM products and Webex Calling Dedicated Instance that has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 CVSS...
CVE-2026-20045
A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...
EUVD-2026-3600
A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...
Security Vulnerabilities in Multiple Cisco Products
Cisco Unity Connection, among others, are products of the American company Cisco. Cisco Unity Connection is a voice messaging platform. Cisco Unified Communications Manager is a call processing component within unified communication systems. Cisco Unified Communications Manager IM & Presence is a...
Cisco Unified Communications Products Code Injection Vulnerability
Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection...
PT-2026-3261
Name of the Vulnerable Software and Affected Versions: Dive versions prior to 0.13.0. Description: Dive is an open-source MCP Host Desktop Application that integrates with function-calling LLMs. A crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user...
CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...