19 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. | 11 views

CVE-2026-9369

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

CVSS 5.3 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 1

CNNVD
added 2026/05/24 12:00 a.m. | 4 views

Hermes Agent Security Vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERMESENABLEPROJECTPLUGINS in the function discoverdashboardplugins ...

CVSS 5.3 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/24 12:00 a.m. | 8 views

PT-2026-42929

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discover dashboard plugins of the file hermes cli/web server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES ENABLE PROJECT PLUGINS results in...

CVSS 5.3 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/04/25 6:32 p.m. | 2 views

AstrBot has Incomplete Filtering of Special Elements

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

CVSS 5.8 | AI score 5.5 | EPSS 0.0002
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2026/04/25 4:16 p.m. | 1 view

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

CVSS 5.8 | EPSS 0.0002
Exploits: 0 | References: 5

Cvelist
added 2026/04/25 3:30 p.m. | 33 views

CVE-2026-6984 AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

CVSS 5.8 | EPSS 0.0002
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/25 3:30 p.m. | 1 view

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

CVSS 5.8 | AI score 4.8 | EPSS 0.0002
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/04/25 12:00 a.m. | 2 views

PT-2026-35155

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The...

CVSS 5.8 | AI score 5.1 | EPSS 0.0002
Exploits: 0 | References: 6

CNNVD
added 2026/04/25 12:00 a.m. | 4 views

AstrBot Security Vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a security vulnerability. This vulnerability stemmed from an issue in the create_template function within the Dashboard API’s routes/t2i.py file, wher...

CVSS 5.8 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2

SUSE CVE
added 2026/03/25 12:25 a.m. | 5 views

SUSE CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

CVSS 6.5 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/11 8:09 p.m. | 1 view

CVE-2026-32106

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...

CVSS 4.7 | AI score 5.8 | EPSS 0.00025
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2025/10/24 3:41 p.m. | 1 view

CVE-2025-62714 Karmada Dashboard API Unauthorized Access Vulnerability

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

CVSS 8.7 | AI score 6.8 | EPSS 0.00682
Exploits: 0 | References: 8

Tenable Nessus
added 2025/08/24 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-5944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dashboard subscription interface in Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users...

CVSS 8.8 | AI score 8 | EPSS 0.02273
Exploits: 0 | References: 2

CNVD
added 2022/04/06 12:00 a.m. | 90 views

IBM App Connect Enterprise Certified Container Denial-of-Service Vulnerability

IBM App Connect Enterprise is an operating system from IBM Corporation. IBM App Connect Enterprise combines the existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technology to provide a platform that meets the full integration needs of...

CVSS 6.5 | AI score 1.4 | EPSS 0.00198
Exploits: 0 | References: 1

CNNVD
added 2022/04/01 12:00 a.m. | 2 views

IBM App Connect Enterprise Security Vulnerability

IBM App Connect Enterprise is an operating system from IBM Corporation. IBM App Connect Enterprise combines the existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technology to provide a platform that meets the full integration needs of...

CVSS 6.5 | AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 3

CNNVD
added 2022/04/01 12:00 a.m. | 3 views

SUSE Rancher Desktop Access Control Error Vulnerability

Rancher Desktop is an open source software that allows you to manage Kubernetes and containers as a desktop on Mac, Windows, and Linux systems. An access control error vulnerability exists in previous versions of SUSE Rancher Desktop V, which can be exploited by an attacker on a local network to...

CVSS 8.8 | AI score 8 | EPSS 0.00096
Exploits: 0 | References: 2

CVE
added 2021/10/06 5:10 p.m. | 33 views

CVE-2021-29760

IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0–6.1.1.0 expose an input validation weakness in the dashboard UI that could allow an authenticated user to download unauthorized files. Connected sources (CNVD/CNNVD and IBM bulletin) describe this as an input validation vulnerability a...

CVSS 5.4 | AI score 4.3 | EPSS 0.00119
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/07/05 12:00 a.m. | 2 views

Best Practical Solutions Request Tracker Remote Code Execution Vulnerability

Best Practical Solutions Request Tracker RT is an enterprise-grade, open source issue tracking system from Best Practical Solutions in the United States. The system has bug tracking, customer service, customized workflow and other features. A security vulnerability exists in the dashboard...

CVSS 8.8 | AI score 7.8 | EPSS 0.02273
Exploits: 0 | References: 1

NVD
added 2017/07/03 4:29 p.m. | 13 views

CVE-2017-5944

The dashboard subscription interface in Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name...

CVSS 8.8 | AI score 8.6 | EPSS 0.02273
Exploits: 0 | References: 3