240 matches found
CVE-2025-48507
The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SoC...
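The advisory snippet above describes a runtime-service handler that never consults the security state of the core that issued the SMC. The following C model, added here as an illustration and not code from TF-A or from the affected platform, shows the vulnerable shape beside the hardened one. It mirrors the TF-A convention that the handler's `flags` word carries the caller's world in bit 0 (`SMC_FROM_NON_SECURE`), but the constants, the SiP function IDs, the `secure_sram` buffer and both handler functions are local assumptions so the file builds stand-alone.

```c
#include <stdint.h>
#include <stdio.h>

/* Locally defined stand-ins for the TF-A convention: bit 0 of the flags
 * word a runtime-service handler receives is set when the SMC came from
 * the non-secure world. Assumption for this illustration, not a TF-A header. */
#define SMC_FROM_SECURE       0U
#define SMC_FROM_NON_SECURE   1U
#define is_caller_non_secure(f) (((f) & SMC_FROM_NON_SECURE) != 0U)

/* Hypothetical SiP service function IDs (constructed for the example). */
#define SIP_SVC_GET_VERSION       0x82000000U
#define SIP_SVC_READ_SECURE_MEM   0x82000010U

#define SMC_OK    0
#define SMC_UNK  (-1)          /* "unknown / not permitted" style return */
#define SECURE_WORDS 4U

/* Constructed buffer standing in for a secure-only SRAM region. */
static const uint32_t secure_sram[SECURE_WORDS] = {
    0xC0FFEE00U, 0xC0FFEE01U, 0xC0FFEE02U, 0xC0FFEE03U
};

/* Vulnerable shape: `flags` is received but never consulted, so a caller
 * from either world can read the secure region. */
int sip_handler_vulnerable(uint32_t fid, uint32_t index, uint32_t flags,
                           uint32_t *out)
{
    (void)flags;                      /* the missing check */
    switch (fid) {
    case SIP_SVC_GET_VERSION:
        *out = 0x00010000U;
        return SMC_OK;
    case SIP_SVC_READ_SECURE_MEM:
        if (index >= SECURE_WORDS) return SMC_UNK;
        *out = secure_sram[index];
        return SMC_OK;
    default:
        return SMC_UNK;
    }
}

/* Hardened shape: privileged function IDs reject a non-secure caller before
 * touching any secure resource; harmless IDs stay reachable from both worlds. */
int sip_handler_hardened(uint32_t fid, uint32_t index, uint32_t flags,
                         uint32_t *out)
{
    switch (fid) {
    case SIP_SVC_GET_VERSION:
        *out = 0x00010000U;
        return SMC_OK;
    case SIP_SVC_READ_SECURE_MEM:
        if (is_caller_non_secure(flags)) return SMC_UNK;
        if (index >= SECURE_WORDS) return SMC_UNK;
        *out = secure_sram[index];
        return SMC_OK;
    default:
        return SMC_UNK;
    }
}

/* Wrappers that return the word read, or 0xFFFFFFFF when the handler refused. */
uint32_t read_secure_word_vulnerable(uint32_t index, uint32_t flags)
{
    uint32_t v = 0;
    return sip_handler_vulnerable(SIP_SVC_READ_SECURE_MEM, index, flags, &v)
           == SMC_OK ? v : 0xFFFFFFFFU;
}

uint32_t read_secure_word_hardened(uint32_t index, uint32_t flags)
{
    uint32_t v = 0;
    return sip_handler_hardened(SIP_SVC_READ_SECURE_MEM, index, flags, &v)
           == SMC_OK ? v : 0xFFFFFFFFU;
}

int main(void)
{
    printf("vulnerable, non-secure caller: 0x%08X\n",
           read_secure_word_vulnerable(1, SMC_FROM_NON_SECURE));
    printf("hardened,   non-secure caller: 0x%08X\n",
           read_secure_word_hardened(1, SMC_FROM_NON_SECURE));
    printf("hardened,   secure caller:     0x%08X\n",
           read_secure_word_hardened(1, SMC_FROM_SECURE));
    return 0;
}
```

The point to check in a real handler is that every function ID which reaches secure memory, a crypto engine or a power-control register gates on the caller's security state, not just on argument bounds; an allow-list of IDs that are legitimately callable from the non-secure world is easier to audit than a deny-list.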
Exploiting Web Search Tools of AI Agents for Data Exfiltration
Large language models (LLMs) are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The use of tool-calling and Retrieval Augmented Generation (RAG) allows LLMs to process and retrieve sensitive corporate data, amplifyi...
EUVD-2021-26337
Malware in sbrugna...
EUVD-2014-6481
Malware in sbrugna...
EUVD-2021-26016
Malware in sbrugna...
EUVD-2022-29099
Malicious code in bioql PyPI...
EUVD-2025-8114
Malicious code in bioql PyPI...
EUVD-2023-38255
Malicious code in bioql PyPI...
EUVD-2023-35542
Malicious code in bioql PyPI...
EUVD-2023-46316
Malicious code in bioql PyPI...
EUVD-2025-28979
Malicious code in bioql PyPI...
Malicious code in onnxruntime-winml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5566aa4ecc644b36e90902092563c05e1852d751381539398f2307ae1fbefae6 Package is just calling home and there is no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything th...
Mind the Gap: Evaluating Model- and Agentic-Level Vulnerabilities in LLMs with Action Graphs
As large language models transition to agentic systems, current safety evaluation frameworks face critical gaps in assessing deployment-specific risks. We introduce AgentSeer, an observability-based evaluation framework that decomposes agentic executions into granular action and component graphs,...
CVE-2025-48531
In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32323
CVE-2025-32323: In Shared.java getCallingAppName, input validation allows deceptive permission-popup text to trick users into granting file access. This enables local elevation of privilege, with no additional execution privileges and no user interaction required. Affected: Android framework code...
PT-2025-35657
Name of the Vulnerable Software and Affected Versions: Dive versions 0.9.0 through 0.9.3. Description: Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Versions 0.9.0 through 0.9.3 contain a Remote Code Execution (RCE) vulnerability triggered by ...
Linux Distros Unpatched Vulnerability : CVE-2022-37325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-16592)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...