Lucene search
K

240 matches found

Packet Storm News
Packet Storm News
added 2025/07/08 12:0 a.m.6 views

Bridging AI and Software Security: a Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms

Large Language Model LLM agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol MCP deployme...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/05 1:47 p.m.2 views

Malicious code in calling-an-api (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e35c18add1f54ce7dfa19f1c98983a68e10d2796262bd72bf8233fe7e6276aae Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.5 views

CVE-2023-41824

An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data...

2.8CVSS6.6AI score0.00143EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:25 a.m.1 views

CVE-2023-21172

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.8AI score0.00097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.7 views

CVE-2023-42469

The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component...

3.3CVSS6.8AI score0.00309EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:9 a.m.8 views

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...

7.5CVSS6.9AI score0.00483EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.7 views

CVE-2022-1659

Vulnerable versions of the JupiterX Core = 2.0.6 plugin register an AJAX action jupiterxconditionalmanager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the subaction parameter. This can be used to view...

7.5CVSS6.6AI score0.00819EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:44 p.m.5 views

CVE-2021-39981

Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call...

5.3CVSS6.1AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 p.m.4 views

CVE-2021-39659

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed f...

5.5CVSS6.3AI score0.00109EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/22 12:41 p.m.2 views

Malicious code in calling-extensions-sdk-demo-minimal-js (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/05/22 12:41 p.m.1 views

MAL-2025-4167 Malicious code in calling-extensions-sdk-demo-minimal-js (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:7 a.m.7 views

CVE-2014-9530

A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact...

9.8CVSS7AI score0.01162EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.9 views

Lessons from Defending Gemini against Indirect Prompt Injections

Gemini is increasingly used to perform tasks on behalf of users, where function-calling and tool-use capabilities enable the model to access user data. Some tools, however, require access to untrusted data introducing risk. Adversaries can embed malicious instructions in untrusted data which caus...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/22 12:0 a.m.4 views

DoomArena: a Framework for Testing AI Agents against Evolving Security Threats

We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: 1 It is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym for web agents and $τ$-bench for tool calling agents; 2 It is configurable and allows...

7AI score
Exploits0
OSV
OSV
added 2025/01/30 4:55 p.m.6 views

MAL-2025-639 Malicious code in calling-integration-sdk-demo-react-ts (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.6 views

The vulnerability of the EVGA Precision X1 system’s software relates to the unsafe use of privileges, allowing a violator to increase their privileges.

The vulnerability of the EVGA Precision X1 system’s software relates to insecure handling of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to “NT AUTHORITY\SYSTEM” by associating \Device\PhysicalMemory with the calling process...

7.8CVSS7.5AI score0.00605EPSS
Exploits1References3Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2024/11/24 12:0 a.m.16 views

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Sring developer feel right at home, and it has a ton of integrations with all manner of different vector...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2024/10/21 6:2 p.m.23 views

CVE-2024-49953 net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling xfrmstatedelete twice The km.state is not checked in driver's delayed work. When xfrmstatecheckexpire is called, the state can be reset to XFRMSTATEEXPIRED, even if it is XFRMSTATEDEAD...

0.00302EPSS
Exploits0References4
OSV
OSV
added 2024/10/16 2:48 p.m.7 views

MAL-2024-9305 Malicious code in ts-calling-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0db756d26a3007b10201297415dfaa2cf6315b37f9ef0b88fa32feac6aaf42bd The OpenSSF Package Analysis project identified 'ts-calling-test-app' @ 1.999.0 npm as malicious. It is considered malicious because: - The...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 2:48 p.m.3 views

Malicious code in ts-calling-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0db756d26a3007b10201297415dfaa2cf6315b37f9ef0b88fa32feac6aaf42bd The OpenSSF Package Analysis project identified 'ts-calling-test-app' @ 1.999.0 npm as malicious. It is considered malicious because: - The...

7.1AI score
Exploits0
Rows per page
Query Builder