155 matches found
buildah security update
An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...
CVE-2026-14634
Summary (CVE-2026-14634) The vulnerability exists in kirilkirkov’s Ecommerce-CodeIgniter-Bootstrap (up to commit 213babdbaa949e94557246414db0130e01394517) and affects the function checkForPostRequests in the file application/core/MY_Controller.php for the Subscribed Emails Admin Page. Manipulatio...
Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...
GHSA-JPCC-P29G-P8MQ vulnerabilities
Vulnerabilities for packages: rancher, neuvector-scanner, envoy-gateway, kubescape, tigera-operator, rancher-agent, xeol, helm-push, wolfictl, tw, docker, scorecard, spegel, ctop, cluster-api-helm-controller, kubescape-operator, docker-compose, datadog-agent, k8sgpt, kaniko, helm-set-status,...
CVE-2026-45175
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker ...
CVE-2026-11461
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...
CVE-2025-63548
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field...
CVE-2026-10220
A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...
PT-2026-43585
Name of the Vulnerable Software and Affected Versions Synology ActiveProtect Agent versions prior to 1.1.0-0439 Description An origin validation error occurs during installation, allowing local users to write arbitrary files with restricted content. Recommendations Update to version 1.1.0-0439 or...
CVE-2026-9367 NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection
A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detectdangerouscommand of the file tools/approval.py of the component terminaltool. This manipulation causes os command injection. It is possible to initiate the...
CVE-2026-9352
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function makerunenv of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...
CVE-2026-9352
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function makerunenv of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...
PT-2026-42906
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check all command guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is public...
Amazon ECS Container Agent 操作系统命令注入漏洞
Amazon ECS Container Agent is an open-source elastic container service agent software developed by Amazon Web Services. Versions of Amazon ECS Container Agent prior to 1.103.0 contained an operating system command injection vulnerability. This vulnerability stems from improper handling of OS...
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
PT-2026-35395
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent version 0.8.0 Description A flaw in the Webhooks Endpoint component, specifically within the gateway/platforms/webhook.py file, allows for missing authentication. This occurs through the manipulation of the INSECURE N...
RHEL 8 : container-tools:rhel8 (RHSA-2026:10703)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10703 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc:...
Security Bulletin: Memory Safety Vulnerabilities in SSH Agents and Servers: Out-of-Bounds Read and Unbounded Memory Consumption, affects watsonx.data
Summary SSH Agent servers are vulnerable to out-of-bounds reads when processing malformed new identity requests, which can cause the agent to panic. Additionally, SSH servers handling GSSAPI authentication requests do not validate the number of mechanisms specified, potentially allowing attackers...
EUVD-2026-9446
Dell Device Management Agent DDMA, versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...
SUSE-SU-2026:20641-1 Security update for podman
This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...