8 matches found
OPENSUSE-SU-2026:21161-1 Security update for python-pdm
This update for python-pdm fixes the following issues: Changes in python-pdm: - CVE-2026-47763: Do not follow symlinks when writing config files bsc1268384 - CVE-2026-47763: Do not write to paths outside the scheme dir bsc1268385 - CVE-2026-47781: Update plugin installation path to use...
PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...
GHSA-QQ6C-99PV-PRVF PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...
CVE-2026-9369
CVE-2026-9369 affects NousResearch hermes-agent 2026.4.23, specifically the CLI web-dashboard component. The vulnerability lies in the function _discover_dashboard_plugins within hermes_cli/web_server.py, where manipulating the argument HERMES_ENABLE_PROJECT_PLUGINS causes an incorrect comparison...
CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...
CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...
PT-2026-42929
Name of the Vulnerable Software and Affected Versions hermes-agent version 2026.4.23 Description A security flaw exists in the CLI web-dashboard Interface within the discover dashboard plugins function of the hermes cli/web server.py file. A manipulation of the HERMES ENABLE PROJECT PLUGINS...
Hermes Agent 安全漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERSERENABLEPROJECTPLUGINS in the function discoverdashboardplugins ...