CVE-2026-10220 NousResearch hermes-agent skills_tool.py skill_view injection

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

Hermes Agent security vulnerabilities

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by issues with the servepluginskill/skillview function in the tools/skillstool.py file. This...

PT-2026-45503

A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. The attack may be launched remotely. It is best practice to apply a patch to...

Security Vulnerabilities fixed in Firefox for iOS 151.2 — Mozilla

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. Firefox for iOS Reader Vi...

NextCloud Tables security vulnerabilities

NextCloud Tables is an open-source table application developed by NextCloud. There were security vulnerabilities in the version of NextCloud Tables from 0.8.0 to 1.0.4. These vulnerabilities stemmed from view filter conditions being exposed to users with read-only permissions...

Project Management Authorization Vulnerabilities

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...

PT-2026-45410

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

Itsourcecode Online Blood Bank Management System SQL Injection Vulnerability

itsourcecode Online Blood Bank Management System is an open-source online blood bank management system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from improper handling of the parameter ID in the file/admin/viewrequest.php, potentially...

Mozilla Firefox for iOS security vulnerabilities

Mozilla Firefox for iOS is a web browser designed for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for iOS prior to 151.2 contained a security vulnerability. This vulnerability stemmed from Reader View replacing the page content in the HTML template befo...

PT-2026-45411

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

PT-2026-45532

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

PT-2026-45470

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

Linux Distros Unpatched Vulnerability : CVE-2026-44837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...

Linux Distros Unpatched Vulnerability : CVE-2026-44836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives ...

Malicious code in one-view-chat-ui-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a53a27e69da28c6b1eb4c8f441a2e0723e4b7b5c0aaaab08233f5dd41b76308 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview one-view-chat-ui-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

MAL-2026-5074 Malicious code in one-view-chat-ui-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a53a27e69da28c6b1eb4c8f441a2e0723e4b7b5c0aaaab08233f5dd41b76308 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-9518

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...