
2295 matches found

Vulnrichment
added 2026/06/01 3:45 a.m. | 4 views

CVE-2026-10221 NousResearch hermes-agent run_agent.py _compress_context injection

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

EUVD
added 2026/06/01 3:45 a.m. | 10 views

EUVD-2026-33554

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

CVE
added 2026/06/01 3:45 a.m. | 24 views

CVE-2026-10221

CVE-2026-10221 affects NousResearch Hermes-agent up to version 0.12.0. The vulnerability is in the _compress_context function of run_agent.py, where input manipulation leads to injection. It can be triggered remotely over the network, and a public exploit is available. The vendor was contacted bu...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/01 3:45 a.m. | 9 views

CVE-2026-10221

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/06/01 3:30 a.m. | 8 views

CVE-2026-10220 NousResearch hermes-agent skills_tool.py skill_view injection

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

EUVD
added 2026/06/01 3:30 a.m. | 7 views

EUVD-2026-33546

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/01 3:30 a.m. | 7 views

CVE-2026-10220

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/06/01 3:30 a.m. | 38 views

CVE-2026-10220 NousResearch hermes-agent skills_tool.py skill_view injection

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

CVSS 7.5 | EPSS 0.00304
Exploits: 0 | References: 5

CVE
added 2026/06/01 3:30 a.m. | 27 views

CVE-2026-10220

CVE-2026-10220 affects NousResearch hermes-agent up to version 2026.4.30. The vulnerability targets the function _serve_plugin_skill/skill_view in tools/skills_tool.py, where a manipulation can cause injection. It is described as a remote-access issue with a publicly disclosed exploit (PoC). The ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

NVD
added 2026/06/01 2:16 a.m. | 11 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

CVSS 6.5 | EPSS 0.00228
Exploits: 0 | References: 5

Cvelist
added 2026/06/01 2:0 a.m. | 41 views

CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVSS 7.5 | EPSS 0.01336
Exploits: 0 | References: 7

ATTACKERKB
added 2026/06/01 2:0 a.m. | 7 views

CVE-2026-10214

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVSS 7.5 | AI score 6.7 | EPSS 0.01336
Exploits: 0 | References: 7 | Affected Software: 1

ATTACKERKB
added 2026/06/01 1:0 a.m. | 7 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

CVSS 6.5 | AI score 6.2 | EPSS 0.00228
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/06/01 1:0 a.m. | 8 views

CVE-2026-10210 AstrBotDevs AstrBot skill_manager.py _sanitize_prompt_description injection

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

CVSS 6.5 | AI score 6.2 | EPSS 0.00228
Exploits: 0 | References: 5

EUVD
added 2026/06/01 1:0 a.m. | 12 views

EUVD-2026-33531

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

CVSS 6.5 | AI score 6.2 | EPSS 0.00228
Exploits: 0 | References: 5

Cvelist
added 2026/06/01 1:0 a.m. | 34 views

CVE-2026-10210 AstrBotDevs AstrBot skill_manager.py _sanitize_prompt_description injection

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

CVSS 6.5 | EPSS 0.00228
Exploits: 0 | References: 5

CVE
added 2026/06/01 1:0 a.m. | 24 views

CVE-2026-10210

The CVE affects AstrBotDevs AstrBot 4.23.6. The vulnerable component is the function _sanitize_prompt_description in astrbot/core/skills/skill_manager.py, where input handling allows injection due to improper sanitization. This vulnerability is reachable over a network (remote exploit) and, per t...

CVSS 6.5 | AI score 6.2 | EPSS 0.00228
Exploits: 0 | References: 5

NVD
added 2026/06/01 12:16 a.m. | 10 views

CVE-2026-10203

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

CVSS 6.5 | EPSS 0.00196
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/01 12:0 a.m. | 11 views

PT-2026-45253

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/01 12:0 a.m. | 10 views

PT-2026-45266

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitize env lines of the file hermes cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

CVSS 6.3 | AI score 5.5 | EPSS 0.00266
Exploits: 0 | References: 6