Lucene search
K

4 matches found

EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-42726

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday4 views

CVE-2026-58122

CVE-2026-58122 affects Hermes WebUI prior to 0.51.307. An authentication bypass allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by spoofing X-Forwarded-For with a loopback address. Exploitation enables server-side request forgery against ...

9.3CVSS6AI score
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-12270

The CVE concerns Everest Forms for WordPress prior to version 3.5.0. The vulnerability arises because access controls on several onboarding-assistant REST API endpoints are bypassable: the capability check only runs when a specific attacker‑controlled request header has a value, allowing unauthen...

6.5CVSS5.9AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-12270 Everest Forms < 3.5.0 - Unauthenticated Missing Authorization via Site Assistant REST Endpoints

The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...

0.00145EPSS
Exploits0References1
Rows per page
Query Builder