Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23889
Total
1707
Critical
7494
High
7633
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10224 | MEDIUM | 5.3 | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component … | Jun 01, 2026 |
| CVE-2026-10223 | MEDIUM | 6.3 | A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The … | Jun 01, 2026 |
| CVE-2026-10222 | MEDIUM | 5.6 | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The … | Jun 01, 2026 |
| CVE-2026-48209 | HIGH | 7.1 | An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via … | Jun 01, 2026 |
| CVE-2026-48208 | MEDIUM | 6.5 | An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via … | Jun 01, 2026 |
| CVE-2026-48191 | LOW | 3.5 | An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge … | Jun 01, 2026 |
| CVE-2026-48190 | LOW | 3.5 | An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. … | Jun 01, 2026 |
| CVE-2026-48189 | MEDIUM | 5.7 | An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the … | Jun 01, 2026 |
| CVE-2026-48188 | CRITICAL | 9.1 | An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication … | Jun 01, 2026 |
| CVE-2026-48187 | MEDIUM | 5.7 | An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of … | Jun 01, 2026 |
| CVE-2026-20456 | MEDIUM | 5.5 | In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with … | Jun 01, 2026 |
| CVE-2026-20455 | HIGH | 7.8 | In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if … | Jun 01, 2026 |
| CVE-2026-20454 | MEDIUM | 6.4 | In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a … | Jun 01, 2026 |
| CVE-2026-20453 | MEDIUM | 6.7 | In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if … | Jun 01, 2026 |
| CVE-2026-20452 | HIGH | 8.0 | In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with … | Jun 01, 2026 |
| CVE-2026-10221 | HIGH | 7.3 | A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads … | Jun 01, 2026 |
| CVE-2026-10220 | HIGH | 7.3 | A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to … | Jun 01, 2026 |
| CVE-2026-10219 | HIGH | 7.3 | A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing … | Jun 01, 2026 |
| CVE-2026-10218 | MEDIUM | 5.4 | A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper … | Jun 01, 2026 |
| CVE-2026-10217 | MEDIUM | 6.3 | A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component … | Jun 01, 2026 |
| CVE-2026-10216 | LOW | 3.7 | A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim … | Jun 01, 2026 |
| CVE-2026-10215 | MEDIUM | 4.3 | A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component … | Jun 01, 2026 |
| CVE-2026-10214 | HIGH | 7.3 | A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash … | Jun 01, 2026 |
| CVE-2026-10213 | MEDIUM | 5.4 | A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing … | Jun 01, 2026 |
| CVE-2026-10212 | MEDIUM | 6.3 | A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads to … | Jun 01, 2026 |