CVE-2026-55198 Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

PT-2026-40714

Name of the Vulnerable Software and Affected Versions systeminformation versions 4.17.0 through 5.31.5 Description On Linux, the library is subject to command injection within the networkInterfaces function. This occurs when an active NetworkManager connection profile name contains shell...

This Week in Spring - April 25th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? I'm en route to Bangalore, India, via Frankfurt, for the Developer Summit 2023 edition. It's going to be a ton of fun, and I hope you won't miss it! para Spring Boot 3.1.0-RC1 available now One of the most exciti...