Aggregator

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

Submit #813198 / VDB-365333

发布时间: 2026-0

A vulnerability, which was classified as problematic, has been found in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect comparison. This vulnerability is identified as CVE-2026-9369. The attack is only possible with local access. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. This vulnerability is referenced as CVE-2026-9368. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the component terminal_tool. This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-9367. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. This vulnerability was named CVE-2026-9366. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-9365. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.

Submit #812230 / VDB-365332

Submit #812229 / VDB-365331

Submit #812228 / VDB-365330

Submit #812227 / VDB-365329

Submit #813142 / VDB-365328

A vulnerability classified as critical has been found in Mozilla Firefox up to 150. The impacted element is an unknown function of the component Process Sandboxing. This manipulation causes sandbox issue. This vulnerability is tracked as CVE-2026-8958. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Mozilla Firefox up to 140.10/150. The affected element is an unknown function of the component HTTP Component. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is uniquely identified as CVE-2026-8950. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Mozilla Firefox up to 150. The impacted element is an unknown function of the component Application Update. The manipulation results in improper privilege management. This vulnerability was named CVE-2026-8952. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.