Eric-H

#10682of 53,624
25.8Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2026-45820
4.3
2026-06-02
Goclaw · Goclaw · CVE-2026-10616
**Name of the Vulnerable Software and Affected Versions** GoClaw versions prior to 3.11.4 **Description** A weakness in the Team Task Completion Handler component allows for missing authorization. This issue occurs within the `TeamTasksTool.executeComplete()` function located in the `internal/tools/team tasks lifecycle.go` file. A remote attacker can exploit this flaw by executing a manipulation to bypass authorization controls. **Recommendations** Update to version 3.11.4 or later. As a temporary workaround, restrict access to the `TeamTasksTool.executeComplete()` function until the update is applied.
PT-2026-45821
7.5
2026-06-02
Goclaw · Goclaw · CVE-2026-10617
**Name of the Vulnerable Software and Affected Versions** GoClaw versions prior to 3.11.4 **Description** An issue in the Webhook Verification Handler component allows for missing authentication. This occurs within the `resolveAuth()` function located in the `internal/http/auth.go` file, enabling remote exploitation. **Recommendations** Update to version 3.11.4 or later. As a temporary workaround, restrict access to the `resolveAuth()` function in the Webhook Verification Handler.
PT-2026-42906
7.5
2026-05-24
Nousresearch · Hermes-Agent · CVE-2026-9350
**Name of the Vulnerable Software and Affected Versions** hermes-agent versions prior to 2026.4.17 **Description** A flaw in the Batch Runner component of NousResearch hermes-agent allows for remote manipulation. The issue resides in the `check all command guards()` function within the `tools/approval.py` file, which can lead to missing authorization. **Recommendations** Update to a version later than 2026.4.16. As a temporary workaround, restrict access to the `check all command guards()` function in the `tools/approval.py` file to minimize the risk of exploitation.
PT-2026-42907
6.5
2026-05-24
Nousresearch · Hermes-Agent · CVE-2026-9351
**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent versions prior to 2026.4.17 **Description** A flaw in the `read file` Tool within the `tools/file tools.py` file affects the ` is blocked device()` function. This issue allows a remote attacker to perform a path traversal, which is a technique used to access files and directories that are stored outside the intended folder. **Recommendations** Update to a version later than 2026.4.16. As a temporary workaround, restrict access to the `read file` Tool or the ` is blocked device()` function until the update is applied.