GHSA-QQ6C-99PV-PRVF PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
Summary: PDM automatically loads project-local plugin paths from `.pdm-plugins` during Core initialization. Because this path is added via `site.addsitedir`, attacker-controlled `.pth` files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...
CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect...
CVE-2026-9369
CVE-2026-9369 affects NousResearch hermes-agent 2026.4.23, specifically the CLI web-dashboard component. The vulnerability lies in the function _discover_dashboard_plugins within hermes_cli/web_server.py, where manipulating the argument HERMES_ENABLE_PROJECT_PLUGINS causes an incorrect comparison...
PT-2026-42929
Name of the Vulnerable Software and Affected Versions: hermes-agent version 2026.4.23. Description: A security flaw exists in the CLI web-dashboard Interface within the _discover_dashboard_plugins function of the hermes_cli/web_server.py file. A manipulation of the HERMES_ENABLE_PROJECT_PLUGINS...
Hermes Agent Security Vulnerability
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERMES_ENABLE_PROJECT_PLUGINS in the function _discover_dashboard_plugins ...