240 matches found
Bridging AI and Software Security: a Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms
Large Language Model LLM agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol MCP deployme...
Malicious code in calling-an-api (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e35c18add1f54ce7dfa19f1c98983a68e10d2796262bd72bf8233fe7e6276aae Any computer that has this package installed or running should be considered...
CVE-2023-41824
An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data...
CVE-2023-21172
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-42469
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component...
CVE-2022-24188
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...
CVE-2022-1659
Vulnerable versions of the JupiterX Core = 2.0.6 plugin register an AJAX action jupiterxconditionalmanager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the subaction parameter. This can be used to view...
CVE-2021-39981
Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call...
CVE-2021-39659
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed f...
Malicious code in calling-extensions-sdk-demo-minimal-js (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-4167 Malicious code in calling-extensions-sdk-demo-minimal-js (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2014-9530
A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact...
Lessons from Defending Gemini against Indirect Prompt Injections
Gemini is increasingly used to perform tasks on behalf of users, where function-calling and tool-use capabilities enable the model to access user data. Some tools, however, require access to untrusted data introducing risk. Adversaries can embed malicious instructions in untrusted data which caus...
DoomArena: a Framework for Testing AI Agents against Evolving Security Threats
We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: 1 It is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym for web agents and $τ$-bench for tool calling agents; 2 It is configurable and allows...
MAL-2025-639 Malicious code in calling-integration-sdk-demo-react-ts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
The vulnerability of the EVGA Precision X1 system’s software relates to the unsafe use of privileges, allowing a violator to increase their privileges.
The vulnerability of the EVGA Precision X1 system’s software relates to insecure handling of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to “NT AUTHORITY\SYSTEM” by associating \Device\PhysicalMemory with the calling process...
Bootiful Spring Boot 3.4: Spring AI
I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Sring developer feel right at home, and it has a ton of integrations with all manner of different vector...
CVE-2024-49953 net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling xfrmstatedelete twice The km.state is not checked in driver's delayed work. When xfrmstatecheckexpire is called, the state can be reset to XFRMSTATEEXPIRED, even if it is XFRMSTATEDEAD...
MAL-2024-9305 Malicious code in ts-calling-test-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0db756d26a3007b10201297415dfaa2cf6315b37f9ef0b88fa32feac6aaf42bd The OpenSSF Package Analysis project identified 'ts-calling-test-app' @ 1.999.0 npm as malicious. It is considered malicious because: - The...
Malicious code in ts-calling-test-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0db756d26a3007b10201297415dfaa2cf6315b37f9ef0b88fa32feac6aaf42bd The OpenSSF Package Analysis project identified 'ts-calling-test-app' @ 1.999.0 npm as malicious. It is considered malicious because: - The...