| 4901 | 6.5 | MEDIUM | Network | - | - | A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument … | CWE-74 CWE-116 | Injection; Improper Encoding or Escaping of Output | CVE-2026-9354 | 2026-05-27 04:50 | 2026-05-24 |
| 4902 | 7.3 | HIGH | Network | - | - | A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection… | CWE-74 CWE-707 | Injection; Improper Enforcement of Message or Data Structure | CVE-2026-9366 | 2026-05-27 04:50 | 2026-05-24 |
| 4903 | 7.3 | HIGH | Network | - | - | A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the com… | CWE-77 CWE-78 | Command Injection; OS Command | CVE-2026-9367 | 2026-05-27 04:50 | 2026-05-24 |
| 4904 | 7.3 | HIGH | Network | - | - | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Hand… | CWE-264 CWE-265 | Permissions, Privileges, and Access Controls; Privilege Issues | CVE-2026-9368 | 2026-05-27 04:50 | 2026-05-24 |
| 4905 | 5.3 | MEDIUM | Local | - | - | A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboar… | CWE-697 | Incorrect Comparison | CVE-2026-9369 | 2026-05-27 04:50 | 2026-05-24 |
| 4906 | 8.2 | HIGH | Network | - | - | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET … | CWE-89 | SQL Injection | CVE-2018-25340 | 2026-05-27 04:47 | 2026-05-24 |
| 4907 | 8.2 | HIGH | Network | - | - | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET … | CWE-89 | SQL Injection | CVE-2018-25341 | 2026-05-27 04:47 | 2026-05-24 |
| 4908 | 8.2 | HIGH | Network | - | - | Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in sear… | CWE-89 | SQL Injection | CVE-2018-25342 | 2026-05-27 04:47 | 2026-05-24 |
| 4909 | 8.2 | HIGH | Network | - | - | Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the usernam… | CWE-89 | SQL Injection | CVE-2018-25351 | 2026-05-27 04:47 | 2026-05-24 |
| 4910 | 8.4 | HIGH | Local | - | - | Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can … | CWE-276 | Incorrect Default Permissions | CVE-2018-25359 | 2026-05-27 04:47 | 2026-05-26 |