Lucene search
K

81 matches found

EUVD
EUVD
added 2026/07/06 12:30 a.m.8 views

EUVD-2026-41794

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.6AI score0.00333EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/05 11:45 p.m.30 views

CVE-2026-14783 NousResearch hermes-agent skills_tool.py skill_view path traversal

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS0.00333EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/04 1:0 p.m.10 views

EUVD-2026-41673

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...

6.9CVSS5.8AI score0.00551EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/04 12:45 p.m.39 views

CVE-2026-14627 NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS0.00369EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/04 12:45 p.m.10 views

EUVD-2026-41672

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References5
CVE
CVE
added 2026/07/04 12:45 p.m.21 views

CVE-2026-14627

The vulnerability CVE-2026-14627 affects NousResearch hermes-agent up to 0.15.2, specifically the Discord Platform Integration’s DiscordAdapter._is_allowed_user in gateway/platforms/discord.py. The root cause is improper authentication caused by manipulation of this function, enabling a remote at...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/04 12:0 p.m.36 views

CVE-2026-14626 NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.runconversation of the file runagent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The...

5.3CVSS0.00277EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/04 12:0 p.m.7 views

EUVD-2026-41670

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.runconversation of the file runagent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/04 11:30 a.m.7 views

EUVD-2026-41664

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References5
CVE
CVE
added 2026/07/04 11:30 a.m.23 views

CVE-2026-14625

The vulnerability CVE-2026-14625 affects NousResearch hermes-agent up to version 0.15.2. The issue lies in the shell.exec function within tui_gateway/server.py, enabling a remote attack and causing a protection mechanism failure. Public exploit appears to be available. Vendor was notified but did...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/04 12:31 a.m.11 views

EUVD-2026-41654

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer.filterandaccumulate of the file gateway/streamconsumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case...

3.1CVSS5.1AI score0.00237EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.13 views

PT-2026-55696

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31 Description A weakness in the HTTP API component allows a remote attacker to cause a denial of service. The issue exists within the AIAgent.run conversation function located in the run...

5.3CVSS6AI score0.00277EPSS
Exploits0References11
CVE
CVE
added 2026/07/03 9:45 p.m.15 views

CVE-2026-14617

CVE-2026-14617 affects NousResearch hermes-agent (up to 2026.4.30). The issue resides in GatewayStreamConsumer._filter_and_accumulate (gateway/stream_consumer.py) within the Streaming Reasoning Tag Filter, where improper handling of case sensitivity is reported as the underlying root cause. The v...

3.1CVSS5.1AI score0.00237EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.14 views

CVE-2026-11461

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:30 a.m.19 views

EUVD-2026-34992

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS5.1AI score0.00225EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/07 9:45 p.m.38 views

CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS0.00225EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47189

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 0.12.1 Description An authorization bypass exists in the resume endpoint. The issue occurs within the resolve session by title function located in the hermes state.py file. A remote attacker can...

6.5CVSS6.6AI score0.00225EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.15 views

CVE-2026-7396

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

6.9CVSS5.6AI score0.00479EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:30 a.m.15 views

EUVD-2026-33856

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45677

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function sync anthropic entry from credentials file of the file agent/credential pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References6
Rows per page
Query Builder