CVE-2026-9350 NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly...
PT-2026-42906
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is public...
OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation
Summary The /pair approve command path called device approval without forwarding caller scopes into the core approval check. Impact A caller that held pairing privileges but not admin privileges could approve a pending device request asking for broader scopes, including admin access. Affected...
GHSA-HC5H-PMR3-3497 OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation
Summary The /pair approve command path called device approval without forwarding caller scopes into the core approval check. Impact A caller that held pairing privileges but not admin privileges could approve a pending device request asking for broader scopes, including admin access. Affected...
Configuration Change Detected (Critical)
The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Exploring the Vulnerabilities of Seaport: A Technical Analysis of a Fake Signature Attack on Non-Fungible Tokens
Lines of code Vulnerability details Impact This finding aims to provide a comprehensive analysis of the sc4m trend, which emerged in August 2022, and has since been a prevalent issue in the WEB3 space. Despite efforts to combat this phenomenon, bad actors continue to engage in illicit activities,...
Griefing attack on the Vaults is possible, withdrawing the winning side stakes
Lines of code Vulnerability details Anyone can withdraw to receiver once the receiver is isApprovedForAll(owner, receiver). The funds will be sent to receiver, but it will happen whenever an arbitrary msg.sender wants. The only precondition is the presence of any approvals. This can be easily used ...
Incorrect condition will always fail withdrawal
Lines of code Vulnerability details Impact Due to an incorrect approval check, the if condition will always lead to transaction reversal when withdrawal is requested for a holder who is not msg.sender. This can lead to a user being unable to withdraw funds. Proof of Concept 1. Let us see the withdraw...
TokenHandler.setToken ERC20 missing return value check
Handle cmichel Vulnerability Details The setToken function performs an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed but return false instead. Impact Tokens that don't actually perform the approve and return...
Delegated transfer of owner fails
Handle cmichel Vulnerability Details The Visor.delegatedTransferERC20 function skips the approval check if msg.sender == getOwner(), however, it will still try to reduce the approval in that case. As it is implemented that the owner does not need an approval for this function,...