CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/24 3:45 a.m.•5 views

CVE-2026-9353 NousResearch hermes-agent Skills Guard Multi-Word Prompt skills_guard.py injection

ATTACKERKB•added 2026/05/24 3:45 a.m.•9 views

CVE-2026-9353

Exploits0References4Affected Software1

CVE•added 2026/05/24 3:45 a.m.•19 views

CVE-2026-9353

The vulnerability CVE-2026-9353 affects NousResearch hermes-agent (up to 2026.4.23). It targets the Skills Guard Multi-Word Prompt Handler, specifically the file agent/skills_guard.py, by manipulating the THREAT_PATTERNS argument to cause injection. Remote exploitation is possible, and the exploi...

EUVD•added 2026/05/24 3:45 a.m.•6 views

EUVD-2026-31567

Positive Technologies•added 2026/05/24 12:0 a.m.•12 views

PT-2026-42911

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT PATTERNS leads to injection. Remote...

CNNVD•added 2026/05/24 12:0 a.m.•6 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.23 contained a security vulnerability. This vulnerability stemmed from unknown function operations on the parameter THREATPATTERNS in the agent/skillsguard.py...

7.5CVSS7.1AI score0.00057EPSS

Packet Storm News•added 2026/05/23 12:0 a.m.•5 views

Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data

Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...

Snyk•added 2026/05/20 3:35 p.m.•4 views

Exploits0

Regular Expression Denial of Service (ReDoS)

Overview symfony/json-path is an Eases JSON navigation using the JSONPath syntax as described in RFC 9535 Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the match and search filter functions in the JsonPath component. An attacker can cause denia...

6.9CVSS5.7AI score

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed corruption in command completion handlers and UAFs Commit 302a1f674c00 “Bluetooth: MGMT: Fixed possible UAFs” introduced mgmtpendingvalid, which not only validates pending commands but also unlinks them...

7.8CVSS5.6AI score0.00015EPSS

Exploits0References1

OSV•added 2026/05/19 1:34 a.m.•5 views

JLSEC-2026-511

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

6.5CVSS6.9AI score0.0133EPSS

Exploits0References14

OSV•added 2026/05/19 12:0 a.m.•4 views

MAL-2026-3867 Malicious code in @antv/data-samples (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

OSV•added 2026/05/19 12:0 a.m.•5 views

MAL-2026-3849 Malicious code in @antv/adjust (npm)

OSV•added 2026/05/19 12:0 a.m.•4 views

MAL-2026-3901 Malicious code in @antv/f6-alipay (npm)

OSV•added 2026/05/19 12:0 a.m.•4 views

MAL-2026-3978 Malicious code in @antv/g2-plugin-slider (npm)

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in ast-plugin (npm)

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/sam (npm)