Lucene search
13 matches found

Cvelist
added 2026/03/30 3:50 p.m., 17 views

CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...

EPSS: 0.00019
Exploits: 0, References: 2
Positive Technologies
added 2026/01/16 12:00 a.m., 2 views

PT-2026-3261

Name of the Vulnerable Software and Affected Versions: Dive versions prior to 0.13.0. Description: Dive is an open-source MCP Host Desktop Application that integrates with function-calling LLMs. A crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user...

CVSS: 9.6, AI score: 6.8, EPSS: 0.0006
Exploits: 1, References: 12
Packet Storm News
added 2026/01/14 12:00 a.m., 7 views

Blue Teaming Function-Calling Agents

We present an experimental evaluation that assesses the robustness of four open source LLMs claiming function-calling capabilities against three different attacks, and we measure the effectiveness of eight different defences. Our results show how these models are not safe by default, and how the...

AI score: 6.9
Exploits: 0
Positive Technologies
added 2025/09/03 12:00 a.m., 4 views

PT-2025-35657

Name of the Vulnerable Software and Affected Versions: Dive versions 0.9.0 through 0.9.3. Description: Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Versions 0.9.0 through 0.9.3 contain a Remote Code Execution (RCE) vulnerability triggered by ...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00587
Exploits: 1, References: 12
Packet Storm News
added 2025/07/08 12:00 a.m., 4 views

Bridging AI and Software Security: a Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms

Large Language Model (LLM) agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol (MCP) deployme...

AI score: 7
Exploits: 0
RedhatCVE
added 2025/05/22 10:18 p.m., 4 views

CVE-2022-1659

Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterxconditionalmanager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the subaction parameter. This can be used to view...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00186
Exploits: 1, References: 1
Packet Storm News
added 2025/05/20 12:00 a.m., 4 views

Lessons from Defending Gemini against Indirect Prompt Injections

Gemini is increasingly used to perform tasks on behalf of users, where function-calling and tool-use capabilities enable the model to access user data. Some tools, however, require access to untrusted data, introducing risk. Adversaries can embed malicious instructions in untrusted data which caus...

AI score: 6.9
Exploits: 0
Spring Engineering
added 2024/11/24 12:00 a.m., 12 views

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Spring developer feel right at home, and it has a ton of integrations with all manner of different vector...

AI score: 7.1
Exploits: 0
Github Security Blog
added 2024/10/08 10:21 p.m., 11 views

Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...

AI score: 6.8
Exploits: 0, References: 13, Affected Software: 2
Spring Engineering
added 2024/07/26 12:00 a.m., 20 views

Spring AI with Ollama Tool Support

Earlier this week, Ollama introduced an exciting new feature: tool support for Large Language Models (LLMs). Today, we're thrilled to announce that Spring AI 1.0.0-SNAPSHOT has fully embraced this powerful feature, bringing Ollama's function calling capabilities to the Spring ecosystem. Ollama's to...

AI score: 7
Exploits: 0
Spring Engineering
added 2024/03/06 12:00 a.m., 26 views

Function Calling in Java and Spring AI using the latest Mistral AI API

UPDATE: As of March 13, 2024, Mistral AI has integrated support for parallel function calling into their large model, a feature that was absent at the time of this blog's initial publication. Mistral AI, a leading developer of open-source large language models, unveiled the addition of Function...

AI score: 7.5
Exploits: 0
Code423n4
added 2023/02/15 12:00 a.m., 8 views

recreateMinipool may not be called

Lines of code. Vulnerability details. Impact: recreateMinipool may not be called. Proof of Concept: To resolve M-09, the fix is that: `function recordStakingEndThenMaybeCycle(address nodeID, uint256 endTime, uint256 avaxTotalRewardAmt) external payable whenNotPaused { int256 minipoolIndex =`...

AI score: 6.9
Exploits: 0
FireEye
added 2015/12/28 9:01 a.m., 43 views

FLARE Script Series: Automating Obfuscated String Decoding

Introduction: We are expanding our script series beyond IDA Pro. This post extends the FireEye Labs Advanced Reverse Engineering (FLARE) script series to an invaluable tool for the reverse engineer – the debugger. Just like IDA Pro, debuggers have scripting interfaces. For example, OllyDbg uses an...

AI score: 6.5
Exploits: 0