Lucene search
K

17 matches found

Spring Security Advisories
Spring Security Advisories
added 2026/06/16 12:0 a.m.9 views

This Week in Spring - June 16th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the oh-so-delightful and delicious! city of New Delhi, India. It's been a real privilege to come and visit so many amazing people. Last night my friend DaShaun and I presented here at the local Delhi JUG,...

5.3AI score
Exploits0
NVD
NVD
added 2026/06/15 3:16 a.m.17 views

CVE-2026-12210

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

6.5CVSS0.00228EPSS
Exploits0References7
CVE
CVE
added 2026/06/15 2:30 a.m.20 views

CVE-2026-12210

CVE-2026-12210 affects the universal-tool-calling-protocol project, specifically the python-utcp 1.1.0 release, with a vulnerability in the utcp-gql/utcp-websocket component that enables server-side request forgery. The description notes a remote, public exploit and a lack of vendor response. The...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49172

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

6.5CVSS5.1AI score0.00228EPSS
Exploits0References8
Spring Security Advisories
Spring Security Advisories
added 2026/06/15 12:0 a.m.20 views

Tool Calling in Spring AI 2.0: A Composable, Agentic Architecture

Tool calling — the ability for an AI model to invoke application-defined functions and act on the results — is the essential building block of agentic AI systems. A model that can discover information, take action, and loop until a goal is reached is an agent. Spring AI 2.0 rearchitects tool...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Universal Tool Calling Protocol 操作系统命令注入漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained a vulnerability related to operating system command injection. This vulnerability stemmed from the substituteutcpargs method...

8.3CVSS5.8AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Universal Tool Calling Protocol 安全漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained security vulnerabilities; these vulnerabilities stemmed from the prepareenvironment method passing complete environment...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Universal Tool Calling Protocol 代码问题漏洞

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol had code vulnerabilities, which stemmed from inconsistent trust boundaries and could lead to man-in-the-middle server request forgery...

4.7CVSS5.9AI score0.00168EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.10 views

OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing

Tool-calling text-to-image T2I agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.3 views

Your Agent Is More Brittle Than You Think: Uncovering Indirect Injection Vulnerabilities in Agentic LLMs

The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose severe security challenges. Specifically, Indirect Prompt...

5.9AI score
Exploits0
Snyk
Snyk
added 2025/12/13 10:40 a.m.6 views

Trust Boundary Violation

Overview utcp is an Universal Tool Calling Protocol UTCP client library for Python Affected versions of this package are vulnerable to Trust Boundary Violation. Via the remote Manual Endpoint, the client retrieves a tool’s JSON specification, known as a Manual. An attacker can execute arbitrary...

7.7CVSS7.6AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.6 views

Universal Tool Calling Protocol 安全漏洞

Universal Tool Calling Protocol is an official python implementation library for UTCP in the Universal Tool Calling Protocol open source. A security vulnerability exists in Universal Tool Calling Protocol that originates when a client obtains the JSON specification of a tool from a remote Manual...

7.5CVSS6.6AI score0.0022EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2025/12/11 12:0 a.m.8 views

Smart Tool Selection: Achieving 34-64% Token Savings with Spring AI's Dynamic Tool Discovery

As AI agents connect to more services—Slack, GitHub, Jira, MCP servers—tool libraries grow rapidly. A typical multi-server setup can easily have 50+ tools consuming 55,000+ tokens before any conversation starts. Worse, tool selection accuracy degrades when models face 30+ similarly-named tools. T...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/11/25 12:0 a.m.14 views

Beyond JSON: Converting Spring AI Tool Response Formats to TOON, XML, CSV, YAML, ...

JSON is the go-to format for LLM tool responses, but recent discussions around alternative formats like TOON Token-Oriented Object Notation claim potential benefits in token efficiency and performance. While the debate continues—with critical analyses pointing to context-dependent results—the...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/10 12:0 a.m.20 views

Exploiting Web Search Tools of AI Agents for Data Exfiltration

Large language models LLMs are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation RAG allows LLMs to process and retrieve sensitive corporate data, amplifyi...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/05 12:0 a.m.3 views

Mind the Gap: Evaluating Model- and Agentic-Level Vulnerabilities in LLMs with Action Graphs

As large language models transition to agentic systems, current safety evaluation frameworks face critical gaps in assessing deployment-specific risks. We introduce AgentSeer, an observability-based evaluation framework that decomposes agentic executions into granular action and component graphs,...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/22 12:0 a.m.4 views

DoomArena: a Framework for Testing AI Agents against Evolving Security Threats

We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: 1 It is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym for web agents and $τ$-bench for tool calling agents; 2 It is configurable and allows...

7AI score
Exploits0
Rows per page
Query Builder