2025-12-15 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2025-43437 | Apple - iOS and iPadOS | An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user. | CNA n/a CVSS3.1: 3.3 - LOW | 0 | Exploitation: noneAutomatable: noTechnical Impact: partial | undefined | github |
| CVE-2025-14542 | undefined - undefined | The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the clients’ trust, a malicious provider can later change the manual to exploit the client. | CVSS3.1: 7.5 - HIGH | 0 1 | Exploitation: pocAutomatable: noTechnical Impact: total | Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint | github |
This post is licensed under CC BY 4.0 by the author.