Lucene search
+L

8 matches found

osv
osv
added 2026/06/26 7:50 a.m.4 views

OPENSUSE-SU-2026:21161-1 Security update for python-pdm

This update for python-pdm fixes the following issues: Changes in python-pdm: - CVE-2026-47763: Do not follow symlinks when writing config files bsc1268384 - CVE-2026-47763: Do not write to paths outside the scheme dir bsc1268385 - CVE-2026-47781: Update plugin installation path to use...

5.8AI score0.00047EPSS
Exploits0References6
github
github
added 2026/06/11 1:25 p.m.11 views

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

6.3AI score0.00028EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/11 1:25 p.m.11 views

GHSA-QQ6C-99PV-PRVF PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

8.4CVSS6.3AI score0.00028EPSS
Exploits0References3
cve
cve
added 2026/05/24 9:0 a.m.34 views

CVE-2026-9369

CVE-2026-9369 affects NousResearch hermes-agent 2026.4.23, specifically the CLI web-dashboard component. The vulnerability lies in the function _discover_dashboard_plugins within hermes_cli/web_server.py, where manipulating the argument HERMES_ENABLE_PROJECT_PLUGINS causes an incorrect comparison...

5.3CVSS5.7AI score0.00228EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/24 9:0 a.m.9 views

CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

5.3CVSS5.7AI score0.00228EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/24 9:0 a.m.39 views

CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

5.3CVSS0.00228EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/24 12:0 a.m.20 views

PT-2026-42929

Name of the Vulnerable Software and Affected Versions hermes-agent version 2026.4.23 Description A security flaw exists in the CLI web-dashboard Interface within the discover dashboard plugins function of the hermes cli/web server.py file. A manipulation of the HERMES ENABLE PROJECT PLUGINS...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References13
cnnvd
cnnvd
added 2026/05/24 12:0 a.m.14 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERSERENABLEPROJECTPLUGINS in the function discoverdashboardplugins ...

5.3CVSS6AI score0.00228EPSS
Exploits0References4
Rows per page
Query Builder