Lucene search
+L

16 matches found

CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hermes Agent 访问控制错误漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.23 contained a access control vulnerability. This vulnerability originated from the makerunenv function in the tools/environments/local.py file of the...

6.9CVSS6.1AI score0.00286EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/16 12:8 a.m.3 views

CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8CVSS6AI score0.01687EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/16 12:8 a.m.12 views

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8CVSS6AI score0.01687EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/16 12:8 a.m.41 views

CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8CVSS0.01687EPSS
Exploits1References3
OSV
OSV
added 2026/04/16 12:8 a.m.3 views

CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.7CVSS6.1AI score0.01687EPSS
Exploits1References6
CVE
CVE
added 2026/04/16 12:8 a.m.14 views

CVE-2026-40502

OpenHarness (before commit dd1d235) contains a remote command-injection in the gateway handler that lets remote gateway users with chat access execute administrative commands (e.g., /permissions full_auto) to alter a running instance without operator authorization. The CVSS metrics indicate a net...

8.8CVSS6AI score0.01687EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/02/08 7:32 a.m.9 views

EUVD-2026-5807

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

6.5CVSS6AI score0.00362EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25105

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00269EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/19 11:19 p.m.15 views

CVE-2025-9094

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to t...

5.3CVSS7.3AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2025/08/17 11:15 p.m.8 views

CVE-2025-9094

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to t...

5.3CVSS0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/17 10:32 p.m.12 views

CVE-2025-9094 ThingsBoard Add Gateway special elements used in a template engine

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to t...

5.3CVSS0.00269EPSS
Exploits0References4
CVE
CVE
added 2025/08/17 10:32 p.m.22 views

CVE-2025-9094

CVE-2025-9094 affects ThingsBoard 4.1 in the Add Gateway Handler component, where improper neutralization of special elements in a template engine enables remote exploitation. Publicly disclosed exploit; vendor notes a fix in upcoming release (v4.2) with maintenance/LTS updates starting from 4.0....

5.3CVSS7.3AI score0.00269EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/17 10:32 p.m.6 views

CVE-2025-9094 ThingsBoard Add Gateway special elements used in a template engine

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to t...

5.3CVSS7.3AI score0.00269EPSS
Exploits0References4
OSV
OSV
added 2025/08/17 10:32 p.m.5 views

CVE-2025-9094 ThingsBoard Add Gateway special elements used in a template engine

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to t...

5.3CVSS5.4AI score0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/17 12:0 a.m.11 views

PT-2025-33619

Name of the Vulnerable Software and Affected Versions: ThingsBoard version 4.1 Description: A vulnerability exists in ThingsBoard that affects unknown code within the Add Gateway Handler component. The issue involves improper neutralization of special elements used in a template engine, allowing...

5.3CVSS4.7AI score0.00269EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/08/17 12:0 a.m.5 views

ThingsBoard 安全漏洞

ThingsBoard is a Java-based platform for IOT devices for monitoring, management, and data collection by the ThingsBoard team. A security vulnerability exists in ThingsBoard version 4.1, which stems from the Add Gateway Handler component improperly neutralizing special elements of the template...

5.3CVSS6.8AI score0.00269EPSS
Exploits0References6
Rows per page
Query Builder