40961 matches found
CVE-2026-9352
Affected software/area: NousResearch hermes-agent (Messaging Gateway Handler), up to 2026.4.23. Vulnerability details: A weakness in the function _make_run_env in tools/environments/local.py can lead to information disclosure. The issue may be exploitable remotely; exploit has been made publicly ...
CVE-2026-9351 NousResearch hermes-agent read_file Tool file_tools.py _is_blocked_device path traversal
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...
CVE-2026-9351
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...
CVE-2026-9351
CVE-2026-9351 affects NousResearch Hermes-agent up to version 2026.4.16. The vulnerability resides in the read_file Tool’s file_tools.py, specifically the _is_blocked_device function, enabling path traversal through input manipulation. Attack vector is network with low complexity and no authentic...
EUVD-2026-31565
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...
CVE-2026-9350
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function checkallcommandguards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly...
EUVD-2026-31560
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function checkallcommandguards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly...
CVE-2026-9350 NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function checkallcommandguards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly...
CVE-2026-9350
CVE-2026-9350 affects NousResearch hermes-agent (up to version 2026.4.16), specifically the Batch Runner component’s file tools/approval.py, function check_all_command_guards. The description attributes a flaw that allows remote exploitation due to missing authorization in this function. Public e...
EUVD-2026-31561
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...
CVE-2026-9349
CVE-2026-9349 affects cal.com (cal.diy) up to version 4.9.4, specifically the function getServerSideProps in apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the Generic React API. The issue arises from manipulation of the arguments cancelledBy and rescheduledBy, lea...
CVE-2026-9349 calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...
CVE-2026-9349
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...
CVE-2026-9346
A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has bee...
CVE-2026-9348
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...
EUVD-2026-31557
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...
CVE-2026-9348 Edimax EW-7438RPn webs mp stack-based overflow
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...
CVE-2026-9348
CVE-2026-9348 affects Edimax EW-7438RPn devices (firmware up to 1.31). The vulnerability targets the /goform/mp Webs function, where arbitrary input to the webs argument triggers a stack-based buffer overflow. It enables a remote attacker to exploit the flaw without user interaction, and a public...
CVE-2026-9348 Edimax EW-7438RPn webs mp stack-based overflow
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...
CVE-2026-9347 Edimax EW-7438RPn webs formWizSurvey os command injection
A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The explo...