Agentic AI As a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains

Agentic systems built on large language models LLMs extend beyond text generation to autonomously retrieve information and invoke tools. This runtime execution model shifts the attack surface from build-time artifacts to inference-time dependencies, exposing agents to manipulation through untrust...

Tassos Framework 访问控制错误漏洞

Tassos Framework is a development framework created by Tassos Marinos. The Tassos Framework has a security vulnerability related to access control. This vulnerability arises from insufficient restrictions during the processing of certain AJAX requests, which may lead to improper invocation of...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1442)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1442 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

ROS-20260216-73-0029

A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...

ROS-20260216-73-0030

A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...

ROS-20260216-73-0027

A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...

SUSE-SU-2026:0504-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 - CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 - CVE-2026-21933: Fixed a vulnerability in the...

Alibaba Cloud Linux 3 : 0034: java-17-openjdk (ALINUX3-SA-2026:0034)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0034 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-64720: LIBPNG is a reference...

MGASA-2026-0035 Updated golang packages fix security vulnerabilities

net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 CVE-2026-21933: Fixed a vulnerability in the Oracle...

SUSE-SU-2026:0441-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 - CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 - CVE-2026-21933: Fixed a vulnerability in the...

CVE-2026-25805

Zed Editor (multiplayer code editor) before version 0.219.4 fails to reveal the parameters used when invoking a tool and does not show post-invocation parameters, creating a potential for unnoticed use of unwanted or malicious values. A fix is included in 0.219.4 which adds expandable tool call d...

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.219.4 contained security vulnerabilities. These vulnerabilities stemmed from insufficient display of tool invocation parameters, allowing malicious values to be used without being detected by users...

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the SessionsPythonPlugin process. An attacker can write arbitrary files to the filesystem by supplying crafted arguments to the DownloadFileAsync or UploadFileAsync functions. Workaround This vulnerability can be...

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

CVE-2026-25592

The CVE-2026-25592 entry affects Microsoft's Semantic Kernel .NET SDK, specifically the SessionsPythonPlugin, with an Arbitrary File Write vulnerability present prior to version 1.70.0. The issue allows writing files to arbitrary locations via the plugin, and the fixed version is Microsoft.Semant...

CVE-2026-25592 Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

GHSA-2WW3-72RP-WPP4 Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...