CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERSERENABLEPROJECTPLUGINS in the function discoverdashboardplugins ...

CVE-2026-8746

Open5GS up to 2.7.7 contains a use-after-free in NRF’s discover_handler function ( /lib/sbi/nghttp2-server.c ). The vulnerability can be triggered remotely; public exploit exists according to the description. Affected component: NRF within Open5GS. Exploit maturity is noted as PROOF-OF-CONCEPT in...

CVE-2026-8746

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

CVE-2026-8746 Open5GS NRF nghttp2-server.c discover_handler use after free

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

PT-2026-41538

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

CVE-2026-44220 ciguard: discover_pipeline_files follows symlinks out of scan root

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...

CVE-2026-27662

Technical details are not publicly available in the provided documents. Monitor for updates on affected products, vulnerable components, and remediation.

CVE-2026-27662

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

ciguard 后置链接漏洞

Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. In versions 0.8.0 to 0.8.1 of Ciguard, there is a backlink vulnerability. This vulnerability stems from the discoverpipelinefiles function, which follows symbolic links when traversing the...

Symlink Attack

Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discoveridentity message Since both source and sink device can send discoveridentity message in PD3, kernel may dump below warning: ------------ cut here ------------ WARNING: CPU: 0 PID:...

EUVD-2026-24807

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...

CVE-2026-31464

Summary (CVE-2026-31464): In the Linux kernel, the scsi: ibmvfc driver is fixed to cure an out-of-bounds access during target discovery. A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is stored directl...

PT-2026-34369

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc discover targets done A malicious or compromised VIO server can return a num written value in the discover targets MAD response that exceeds max targets. This value is stored directly in...

Linux Distros Unpatched Vulnerability : CVE-2026-31464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD respon...

[SECURITY] Fedora 44 Update: plasma-discover-6.6.4-1.fc44

KDE and Plasma resources management GUI...

AI clickbait can turn your notifications into a scam feed

Pushpaganda is the name researchers have given to an AI-assisted ad fraud, social engineering, and scareware operation targeting mobile users. For most people, Pushpaganda starts as something that looks completely normal. For example, a recommended article in your Google Discover feed the...

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning SEO techniques and artificial intelligence AI-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser...

PT-2026-32651

A server-side request forgery ssrf vulnerability CWE-918 vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0...