Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

59 matches found

RedhatCVE
RedhatCVEadded 4 days ago5 views

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS6.2AI score0.00049EPSS
Exploits0References1
NVD
NVDadded 2026/06/01 6:16 a.m.9 views

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS0.00049EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/06/01 4:15 a.m.10 views

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS6.3AI score0.00049EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/01 4:15 a.m.8 views

CVE-2026-10223 NousResearch hermes-agent memory_tool.py _scan_memory_content injection

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS5.6AI score0.00049EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/01 4:15 a.m.20 views

EUVD-2026-33556

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS5.6AI score0.00049EPSS
Exploits0References5
CVE
CVEadded 2026/06/01 4:15 a.m.21 views

CVE-2026-10223

CVE-2026-10223 affects NousResearch hermes-agent up to version 2026.4.30. The weakness is in tools/memory_tool.py function _scan_memory_content, enabling remote injection. CVSS metrics indicate NETWORK access, LOW attack complexity, and LOW privileges required, with PROOF-OF-CONCEPT exploit matur...

6.5CVSS6.3AI score0.00049EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/06/01 4:15 a.m.34 views

CVE-2026-10223 NousResearch hermes-agent memory_tool.py _scan_memory_content injection

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS0.00049EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/06/01 12:0 a.m.5 views

Hermes Agent security vulnerabilities

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the scanmemorycontent function in the tools/memorytool.py file. This vulnerability...

6.5CVSS6.6AI score0.00049EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/05/07 8:21 p.m.3 views

CVE-2026-44111

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS5.9AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/05 8:21 p.m.2 views

CVE-2026-41686

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

4.8CVSS5.7AI score0.0001EPSS
Exploits0References1
NVD
NVDadded 2026/05/04 7:16 p.m.4 views

CVE-2026-41686

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

4.8CVSS0.0001EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/04 6:41 p.m.29 views

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

4.8CVSS0.0001EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/04 6:41 p.m.4 views

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

4.8CVSS5.7AI score0.0001EPSS
Exploits0References1
CVE
CVEadded 2026/05/04 6:41 p.m.9 views

CVE-2026-41686

The CVE-2026-41686 entry concerns the Claude SDK for TypeScript, where the BetaLocalFilesystemMemoryTool from Anthropic’s TypeScript SDK (versions 0.79.0 through before 0.91.1) created memory files with default Node.js modes (files 0o666, dirs 0o777). This caused world-readable files on normal um...

4.8CVSS5.7AI score0.0001EPSS
Exploits0References1Affected Software1
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.12 views

Claude SDK for TypeScript 安全漏洞

Claude SDK for TypeScript is an open-source development toolkit by Anthropic, designed for calling the Claude API using TypeScript. There were security vulnerabilities in versions of Claude SDK for TypeScript from 0.79.0 to 0.91.1. These vulnerabilities stemmed from BetaLocalFilesystemMemoryTool...

4.8CVSS5.8AI score0.0001EPSS
Exploits0References2
Packet Storm News
Packet Storm Newsadded 2026/04/07 12:0 a.m.2 views

Your LLM Agent Can Leak Your Data: Data Exfiltration Via Backdoored Tool Use

Tool-use large language model LLM agents are increasingly deployed to support sensitive workflows, relying on tool calls for retrieval, external API access, and session memory management. While prior research has examined various threats, the risk of systematic data exfiltration by backdoored...

5.9AI score
Exploits0
Veracode
Veracodeadded 2026/04/04 5:35 a.m.5 views

Claude SDK For Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a...

5.8CVSS5.8AI score0.00005EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/01 11:1 p.m.2 views

CVE-2026-34451

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...

6.3CVSS5.8AI score0.00028EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/01 11:0 p.m.2 views

CVE-2026-34452

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

5.8CVSS5.8AI score0.00005EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/01 11:0 p.m.0 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00011EPSS
Exploits0References1
Rows per page
Query Builder