
9 matches found

ATTACKERKB
• added 2026/05/24 3:15 a.m. • 12 views

CVE-2026-9351

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9 CVSS | 6.2 AI score | 0.00116 EPSS
Exploits 0 | References 4 | Affected Software 1
EUVD
• added 2026/05/24 3:15 a.m. • 7 views

EUVD-2026-31565

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9 CVSS | 6.2 AI score | 0.00116 EPSS
Exploits 0 | References 4
Positive Technologies
• added 2026/05/24 12:0 a.m. • 8 views

PT-2026-42907

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.17 Description A flaw in the read file Tool within the tools/file tools.py file affects the is blocked device function. This issue allows a remote attacker to perform a path traversal, which i...

6.9 CVSS | 6.6 AI score | 0.00116 EPSS
Exploits 0 | References 8
CNNVD
• added 2026/05/24 12:0 a.m. • 6 views

Hermes Agent path traversal vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.16 contained a path traversal vulnerability. This vulnerability originated from the isblockeddevice function in the tools/filetools.py file within the readfi...

6.9 CVSS | 6.6 AI score | 0.00116 EPSS
Exploits 0 | References 5
Cvelist
• added 2026/04/29 7:0 p.m. • 23 views

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5 CVSS | 0.00073 EPSS
Exploits 0 | References 7
Vulnrichment
• added 2026/04/29 7:0 p.m. • 1 views

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5 CVSS | 7 AI score | 0.00073 EPSS
Exploits 0 | References 7
Veracode
• added 2025/11/28 5:10 a.m. • 6 views

Improper Access Control

Flowise is vulnerable to improper access control. The vulnerability is due to insufficient file path restrictions in the WriteFileTool and ReadFileTool, which allows an attacker to read or write arbitrary files and potentially achieve remote command execution...

9.9 CVSS | 6.9 AI score | 0.01159 EPSS
Exploits 1 | References 4 | Affected Software 3
OSV
• added 2025/10/08 10:43 p.m. • 3 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9 CVSS | 6.9 AI score | 0.01159 EPSS
Exploits 1 | References 6
Vulnrichment
• added 2025/10/08 10:43 p.m. • 1 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9 CVSS | 6.9 AI score | 0.01159 EPSS
Exploits 1 | References 4