
66 matches found

CNNVD
added 2026/05/24 12:0 a.m. | 6 views

Hermes Agent Security Vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Hermes Agent version 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERMES_ENABLE_PROJECT_PLUGINS in the function discover_dashboard_plugins ...

5.3 CVSS | 6 AI score | 0.00019 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/05/24 12:0 a.m. | 9 views

PT-2026-42929

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in...

5.3 CVSS | 5.7 AI score | 0.00019 EPSS
Exploits 0 | References 4
GithubExploit
added 2026/05/09 6:52 p.m. | 89 views

centipede

centipede Self-replicating Linux worm framework with multi-la...

7.8 CVSS | 6.3 AI score | 0.40266 EPSS
Exploits 31
GithubExploit
added 2026/04/26 7:34 p.m. | 72 views

DarkWin-NGASR

🌌 DARKWIN — Next-Gen Automated Security Research Develope...

5.4 AI score
Exploits 0
GithubExploit
added 2026/04/24 6:4 p.m. | 134 views

Andro-Recon-CLI

🛡️ CortexDroid – Android Vulnerability Assessment & Remote...

6.4 CVSS | 5.8 AI score | 0.00361 EPSS
Exploits 2
Tenable Nessus
added 2026/04/01 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-0396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic...

4.3 CVSS | 5.8 AI score | 0.00002 EPSS
Exploits 0 | References 3
Cvelist
added 2026/03/31 11:50 a.m. | 19 views

CVE-2026-0396 HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1 CVSS | 0.00002 EPSS
Exploits 0 | References 1
CVE
added 2026/03/31 11:50 a.m. | 8 views

CVE-2026-0396

CVE-2026-0396 : The vulnerability affects a DNSdist instance with domain-based dynamic rules enabled (DynBlockRulesGroup:setSuffixMatchRule or setSuffixMatchRuleFFI). An attacker can inject HTML content into the internal web dashboard by sending crafted DNS queries. The reports do not specify aff...

4.3 CVSS | 5.9 AI score | 0.00002 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/03/31 11:50 a.m. | 3 views

CVE-2026-0396 HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1 CVSS | 5.9 AI score | 0.00002 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 3:6 p.m. | 2 views

CVE-2026-22320

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits 0 | References 1
GithubExploit
added 2026/03/25 4:21 p.m. | 94 views

NightOwl

NightOwl Advanced Penetration Testing Framework A modula...

5.9 AI score
Exploits 0
ATTACKERKB
added 2026/03/20 2:35 a.m. | 1 view

CVE-2026-32890

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting (XSS) vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

9.6 CVSS | 6 AI score | 0.00032 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2026/03/18 7:34 a.m. | 22 views

CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5 CVSS | 0.0002 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/03/18 7:34 a.m. | 1 view

CVE-2026-22320

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/03/18 12:0 a.m. | 1 view

PT-2026-26036

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/03/11 8:5 p.m. | 1 view

CVE-2026-32102

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

7.1 CVSS | 5.9 AI score | 0.00024 EPSS
Exploits 1 | References 2 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-2611

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00582 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0094

Malicious code in bioql PyPI...

6.1 CVSS | 6.2 AI score | 0.00326 EPSS
Exploits 0 | References 9
Packet Storm News
added 2025/08/15 12:0 a.m. | 2 views

Salty Seagull: a VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks

Cyber threats against the maritime industry have increased notably in recent years, highlighting the need for innovative cybersecurity approaches. Ships, as critical assets, possess highly specialized and interconnected network infrastructures, where their legacy systems and operational constrain...

7 AI score
Exploits 0
RedhatCVE
added 2025/05/23 12:18 a.m. | 4 views

CVE-2022-45582

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the successurl parameter...

6.1 CVSS | 6.8 AI score | 0.00326 EPSS
Exploits 0 | References 1