Aggregator

A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1 and classified as critical. This issue affects some unknown processing of the file login_check.php of the component Login. Performing a manipulation of the argument Username results in sql injection. This vulnerability was named CVE-2026-10225. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered in the United States and operates across multiple jurisdictions. Portelli sat … More →

The post Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw appeared first on Help Net Security.

Новое исследование меняет представления о безопасности агентных систем.

Submit #822848 / VDB-367507

Submit #822819 / VDB-367506

Submit #822786 / VDB-367505

Submit #822784 / VDB-367504

A vulnerability, which was classified as problematic, was found in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2026-10224. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. This vulnerability is handled as CVE-2026-10223. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. This vulnerability is known as CVE-2026-10222. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. This vulnerability is traded as CVE-2026-10221. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. This vulnerability appears as CVE-2026-10220. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #822022 / VDB-367503

Submit #822021 / VDB-367502

Submit #822020 / VDB-367501

Submit #822019 / VDB-367500

Submit #822018 / VDB-367499

A vulnerability marked as critical has been reported in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. This vulnerability is reported as CVE-2026-10219. The attack is possible to be carried out remotely. Moreover, an exploit is present. The pull request to fix this issue awaits acceptance.

A vulnerability labeled as critical has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper authorization. This vulnerability is documented as CVE-2026-10218. The attack can be executed remotely. Additionally, an exploit exists. The project tagged the reported issue as bug.

A vulnerability identified as critical has been detected in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. This vulnerability is registered as CVE-2026-10217. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project tagged the reported issue as bug.