|
2111
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway H…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-9352
|
2026-05-27 04:50 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2112
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Pro…
|
CWE-74
CWE-707
Injection
Improper Enforcement of Message or Data Structure
|
CVE-2026-9353
|
2026-05-27 04:50 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2113
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument …
|
CWE-74
CWE-116
Injection
Improper Encoding or Escaping of Output
|
CVE-2026-9354
|
2026-05-27 04:50 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2114
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection…
|
CWE-74
CWE-707
Injection
Improper Enforcement of Message or Data Structure
|
CVE-2026-9366
|
2026-05-27 04:50 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2115
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the com…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9367
|
2026-05-27 04:50 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2116
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Hand…
|
CWE-264
CWE-265
Permissions, Privileges, and Access Controls
Privilege Issues
|
CVE-2026-9368
|
2026-05-27 04:50 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2117
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboar…
|
CWE-697
Incorrect Comparison
|
CVE-2026-9369
|
2026-05-27 04:50 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2118
|
8.2 |
HIGH
Network
|
-
|
-
|
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET …
|
CWE-89
SQL Injection
|
CVE-2018-25340
|
2026-05-27 04:47 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2119
|
8.2 |
HIGH
Network
|
-
|
-
|
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET …
|
CWE-89
SQL Injection
|
CVE-2018-25341
|
2026-05-27 04:47 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2120
|
8.2 |
HIGH
Network
|
-
|
-
|
Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in sear…
|
CWE-89
SQL Injection
|
CVE-2018-25342
|
2026-05-27 04:47 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
