Lucene search
K

938 matches found

Snyk
Snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview env-config-manager is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/06/01 6:16 a.m.26 views

CVE-2026-10222

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS0.00266EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 4:0 a.m.14 views

CVE-2026-10222 NousResearch hermes-agent config.py _sanitize_env_lines injection

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.5AI score0.00266EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 4:0 a.m.22 views

EUVD-2026-33555

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.2AI score0.00266EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 4:0 a.m.54 views

CVE-2026-10222

CVE-2026-10222 concerns NousResearch hermes-agent (up to 2026.4.30). The vulnerability affects the function _sanitize_env_lines in hermes_cli/config.py, enabling injection and remote exploitation. Reported attack complexity is high; exploit has been released publicly and can be used for attacks. ...

6.3CVSS5.5AI score0.00266EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.86 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @mlspace/env-jobs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.14 views

Malicious Package

Overview @mlspace/env-gitlab is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @mlspace/env-jupyter-server is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/29 10:26 p.m.9 views

GHSA-78R8-WWQV-R299 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

8.1CVSS6.4AI score0.00102EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 9:22 p.m.20 views

ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env

Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...

6.4AI score0.00557EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:7 p.m.8 views

CVE-2026-47125

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/29 5:7 p.m.12 views

EUVD-2026-33370

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 5:7 p.m.9 views

CVE-2026-47125 Arcane: Missing admin authorization on global variables endpoint

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:23 p.m.9 views

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 3:23 p.m.11 views

EUVD-2026-33342

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-45033

Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...

8.6CVSS6.4AI score0.00557EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44890

Name of the Vulnerable Software and Affected Versions ACM/MCE assisted-service affected versions not specified Description The assisted-service writes raw referenced pull-secret contents into the InfraEnv.status.conditions.message field when pull-secret validation fails. This allows a namespace...

6.3CVSS6AI score0.00182EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45064

Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description The software uses an insecure default cryptographic key for signing JSON Web Tokens JWT. When the PLATFORM JWT SECRET environment variable is unset, the system defaults to a...

9.8CVSS5.8AI score0.00054EPSS
Exploits0References7
OSV
OSV
added 2026/05/29 12:0 a.m.9 views

MAL-2026-5039 Malicious code in @t-in-one/get_application_hid (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
Rows per page
Query Builder