16820 matches found

CVE
added 2026/06/01 7:23 a.m., 84 views

CVE-2026-42588

Apache ActiveMQ (Broker, All, and ActiveMQ) is affected by CVE-2026-42588 via the Jolokia JMX-HTTP bridge exposed on the web console (/api/jolokia/). The vulnerability arises when an authenticated attacker uses a crafted discovery URI to trigger the VM transport’s brokerConfig parameter with a ma...

CVSS 8.1 | AI score 6.4 | EPSS 0.00404
Exploits: 1 | References: 2 | Affected Software: 2

Vulnrichment
added 2026/06/01 7:22 a.m., 11 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

AI score 6.4 | EPSS 0.00527
Exploits: 0 | References: 2

NVD
added 2026/06/01 4:16 a.m., 9 views

CVE-2026-10221

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | EPSS 0.00304
Exploits: 0 | References: 5

Vulnrichment
added 2026/06/01 3:45 a.m., 4 views

CVE-2026-10221 NousResearch hermes-agent run_agent.py _compress_context injection

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

CVE
added 2026/06/01 3:45 a.m., 20 views

CVE-2026-10221

CVE-2026-10221 affects NousResearch Hermes-agent up to version 0.12.0. The vulnerability is in the _compress_context function of run_agent.py, where input manipulation leads to injection. It can be triggered remotely over the network, and a public exploit is available. The vendor was contacted bu...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

EUVD
added 2026/06/01 3:45 a.m., 10 views

EUVD-2026-33554

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5

Cvelist
added 2026/06/01 3:45 a.m., 42 views

CVE-2026-10221 NousResearch hermes-agent run_agent.py _compress_context injection

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | EPSS 0.00304
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/01 3:45 a.m., 8 views

CVE-2026-10221

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/06/01 3:32 a.m., 28 views

CVE-2026-48209 Reflected XSS in authenticated agent context

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

CVSS 7.1 | EPSS 0.00185
Exploits: 0 | References: 1

CVE
added 2026/06/01 3:32 a.m., 18 views

CVE-2026-48209

OTRS Community Edition 7.0.x is vulnerable to reflected XSS due to improper neutralization of user-controllable input in ticket handling. Attackers who are authenticated can exploit crafted request parameters in ticket actions to inject JavaScript via manipulated request URLs, executing code in t...

CVSS 7.1 | AI score 6 | EPSS 0.00185
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm News
added 2026/06/01 12:0 a.m., 6 views

Cross-Vendor Sola ISPM Benchmark: Evaluating Agentic AI for Federated Identity Security Reasoning

The rapid proliferation of multi-cloud and SaaS platforms has transformed Identity Security Posture Management (ISPM) into a fundamentally cross-vendor challenge: critical misconfigurations and privilege escalation paths increasingly span multiple identity providers, infrastructure layers, and...

AI score 5.9
Exploits: 0

Packet Storm News
added 2026/06/01 12:0 a.m., 43 views

SkillGuard: A Permission Framework for Agent Skills

Agent skills extend LLM agents with reusable instructions, scripts, tool bindings, and contextual dependencies. However, current skill ecosystems largely rely on trust-based loading and static inspection, leaving a gap between what a skill can inject into an agent's context and what it can cause...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/06/01 12:0 a.m., 11 views

PT-2026-45253

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...

CVSS 7.5 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/01 12:0 a.m., 10 views

PT-2026-45373

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Broker versions prior to 5.19.7; Apache ActiveMQ Broker versions 6.0.0 through 6.2.5; Apache ActiveMQ All versions prior to 5.19.7; Apache ActiveMQ All versions 6.0.0 through 6.2.5; Apache ActiveMQ versions prior to 5.19.7; Apache...

CVSS 8.1 | AI score 6 | EPSS 0.00404
Exploits: 1 | References: 11

Positive Technologies
added 2026/06/01 12:0 a.m., 9 views

PT-2026-45376

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Broker versions prior to 5.19.7; Apache ActiveMQ Broker versions 6.0.0 through 6.2.5; Apache ActiveMQ All versions prior to 5.19.7; Apache ActiveMQ All versions 6.0.0 through 6.2.5; Apache ActiveMQ versions prior to 5.19.7; Apache...

CVSS 8.8 | AI score 6 | EPSS 0.00527
Exploits: 0 | References: 6

CNNVD
added 2026/06/01 12:0 a.m., 6 views

AEM MCP Server Code Issue Vulnerability

The AEM MCP Server is a model context protocol server developed by Indrasishbanerjee, designed for content, components, and asset management. The AEM MCP Server has a code vulnerability that stems from incorrect handling of the parameter assetPath in the getAssetMetadata function within the Axios...

CVSS 6.5 | AI score 6.5 | EPSS 0.00209
Exploits: 0 | References: 6

CNNVD
added 2026/06/01 12:0 a.m., 5 views

Jenkins Server MCP Code Issue Vulnerability

Jenkins Server MCP is a model context protocol server developed by Hekmon for individual developers to interact with Jenkins CI/CD servers. Version 0.1.0 of Jenkins Server MCP contains code vulnerabilities. These vulnerabilities stem from incorrect operations in the functions jobPath of the files...

CVSS 6.5 | AI score 6.5 | EPSS 0.0027
Exploits: 0 | References: 6

CNNVD
added 2026/06/01 12:0 a.m., 7 views

Hermes Agent Security Vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 0.12.0 contain security vulnerabilities. These vulnerabilities stem from issues with the _compress_context function in the run_agent.py file, which may lead to injectio...

CVSS 7.5 | AI score 7.3 | EPSS 0.00304
Exploits: 0 | References: 6

OSV
added 2026/06/01 12:0 a.m., 5 views

PUB-A-463414629

In NrmmMsgCodec::DecodeUPUTransparentContext of cnNrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed fo...

AI score 5.9
Exploits: 0 | References: 1

OSV
added 2026/05/31 3:50 a.m., 3 views

MINI-JC3C-RWW9-23J5

Bulletin has no description...

AI score 5.7
Exploits: 0