Lucene search
+L

2343 matches found

Cvelist
Cvelist
added 2026/06/01 3:45 a.m.68 views

CVE-2026-10221 NousResearch hermes-agent run_agent.py _compress_context injection

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS0.00304EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 3:45 a.m.17 views

EUVD-2026-33554

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 3:45 a.m.58 views

CVE-2026-10221

CVE-2026-10221 affects NousResearch Hermes-agent up to version 0.12.0. The vulnerability is in the _compress_context function of run_agent.py, where input manipulation leads to injection. It can be triggered remotely over the network, and a public exploit is available. The vendor was contacted bu...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 3:45 a.m.10 views

CVE-2026-10221 NousResearch hermes-agent run_agent.py _compress_context injection

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 3:30 a.m.12 views

EUVD-2026-33546

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:30 a.m.9 views

CVE-2026-10220

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/01 3:30 a.m.45 views

CVE-2026-10220 NousResearch hermes-agent skills_tool.py skill_view injection

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS0.00304EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 3:30 a.m.53 views

CVE-2026-10220

CVE-2026-10220 affects NousResearch hermes-agent up to version 2026.4.30. The vulnerability targets the function _serve_plugin_skill/skill_view in tools/skills_tool.py, where a manipulation can cause injection. It is described as a remote-access issue with a publicly disclosed exploit (PoC). The ...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 3:30 a.m.13 views

CVE-2026-10220 NousResearch hermes-agent skills_tool.py skill_view injection

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 3:15 a.m.3 views

CVE-2026-10219 nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

6.9CVSS5.6AI score0.01336EPSS
Exploits0References9
NVD
NVD
added 2026/06/01 2:16 a.m.13 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:0 a.m.8 views

CVE-2026-10214

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/01 2:0 a.m.49 views

CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

7.5CVSS0.01336EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/01 1:0 a.m.15 views

EUVD-2026-33531

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 1:0 a.m.10 views

CVE-2026-10210 AstrBotDevs AstrBot skill_manager.py _sanitize_prompt_description injection

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 1:0 a.m.41 views

CVE-2026-10210 AstrBotDevs AstrBot skill_manager.py _sanitize_prompt_description injection

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:0 a.m.9 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/01 1:0 a.m.31 views

CVE-2026-10210

The CVE affects AstrBotDevs AstrBot 4.23.6. The vulnerable component is the function _sanitize_prompt_description in astrbot/core/skills/skill_manager.py, where input handling allows injection due to improper sanitization. This vulnerability is reachable over a network (remote exploit) and, per t...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 12:16 a.m.13 views

CVE-2026-10203

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

6.5CVSS0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45266

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31 Description An injection flaw exists in the sanitize env lines function within the hermes cli/config.py file. This issue allows for remote attacks, although exploitation is considered...

6.3CVSS6.3AI score0.00266EPSS
Exploits0References15
Rows per page
Query Builder