CVE-2025-14542 Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

EUVD-2025-203260

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

CVE-2025-14542

The CVE-2025-14542 issue affects the Python UTCP client library (utcp) where the client trusts a tool’s JSON Manual from a remote Manual Endpoint. A malicious remote Manual can alter the specification to execute arbitrary commands on the client, enabling remote code execution. Remediation provide...

Universal Tool Calling Protocol 安全漏洞

Universal Tool Calling Protocol is an official python implementation library for UTCP in the Universal Tool Calling Protocol open source. A security vulnerability exists in Universal Tool Calling Protocol that originates when a client obtains the JSON specification of a tool from a remote Manual...

PCIe Specification Issues

Summary PCIe SIG in industry coordination with CERT CC is releasing details on three PCIe specification issues...

CVE-2023-53745 um: vector: Fix memory leak in vector_config

In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vectorconfig If the return value of the umlparsevectorifspec function is NULL, we should call kfreeparams to prevent memory leak...

[SECURITY] Fedora 42 Update: pack-0.38.2-1.fc42

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

[SECURITY] Fedora 43 Update: pack-0.38.2-1.fc43

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

Security update for nvidia-container-toolkit

This update for nvidia-container-toolkit fixes the following issues: Update to version 1.18.0: This is a major release and includes the following high-level changes: The default mode of the NVIDIA Container Runtime has been updated to make use of a just-in-time-generated CDI specification instead...

RampoNN: A Reachability-Guided System Falsification for Efficient Cyber-Kinetic Vulnerability Detection

Detecting kinetic vulnerabilities in Cyber-Physical Systems CPS, vulnerabilities in control code that can precipitate hazardous physical consequences, is a critical challenge. This task is complicated by the need to analyze the intricate coupling between complex software behavior and the system's...

HSEC-2023-0002 Improper Verification of Cryptographic Signature

Improper Verification of Cryptographic Signature The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandate...

Malicious code in teagood-namakai87 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3ca9fc6404774d2a17d8eab505986e185191cd999604f18b616f429ff0906c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-81555 Malicious code in suspicious_lungfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fe30f6b35dc8851e4f3053bcf93c47e27805a93768ef3d082d1db530df42682 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-74440 Malicious code in maya-teh57-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d690d0f8d5149d943837d63f1d137b75a7cb398a5dcb272c403f9935cbfec5d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

runc 安全漏洞

runc is an Open Container Initiative open source CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, which...

CVE-2025-62256

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-55339 Windows Network Driver Interface Specification (NDIS) Driver Elevation of Privilege Vulnerability

...

Windows Network Driver Interface Specification (NDIS) Driver Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally...