Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3957 matches found

Cvelist
Cvelistadded 3 days ago27 views

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS0.00324EPSS
Exploits0References4
CVE
CVEadded 3 days ago5 views

CVE-2026-49959

Hermes WebUI prior to 0.51.311 is affected by a remote code execution vulnerability. Authenticated attackers can trigger arbitrary commands by placing a malicious executable Git configuration in a workspace repo’s .git/config. The issue arises from Git subprocess invocations in api/workspace_git....

8.8CVSS6.7AI score0.00324EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 3 days ago4 views

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score0.00324EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 3 days ago3 views

CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00012EPSS
Exploits0References5
CVE
CVEadded 3 days ago4 views

CVE-2026-49958

Hermes WebUI is affected by a TOCTOU race in git_discard (api/workspace_git.py) prior to version 0.51.303. An attacker can replace a validated path component with a symlink between safe_resolve_ws() and the subsequent Path.unlink() or shutil.rmtree() call, causing the delete operation to follow t...

5CVSS5.6AI score0.00012EPSS
Exploits0References5
Cvelist
Cvelistadded 3 days ago26 views

CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS0.00012EPSS
Exploits0References5
Cvelist
Cvelistadded 3 days ago22 views

CVE-2026-22926

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

7.8CVSS0.00021EPSS
Exploits0References2
CVE
CVEadded 3 days ago10 views

CVE-2026-22926

Technical details about CVE-2026-22926 are not publicly available in the provided documents. No affected versions, root cause, or remediation are specified. Monitor for updates from Omnissa and CVE listings.

7.8CVSS5.4AI score0.00021EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 3 days ago4 views

CVE-2026-22926

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

7.8CVSS5.4AI score0.00021EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 3 days ago5 views

CVE-2026-49957 Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...

7.7CVSS5.5AI score0.00044EPSS
Exploits0References5
Cvelist
Cvelistadded 3 days ago30 views

CVE-2026-49957 Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...

7.7CVSS0.00044EPSS
Exploits0References5
CVE
CVEadded 3 days ago6 views

CVE-2026-49957

CVE-2026-49957 : Hermes WebUI prior to 0.51.269 contains a workspace boundary bypass. An authenticated attacker can exploit an early return in the SSH/remote terminal profile workspace resolution logic (in _remote_terminal_workspace_candidate()) by configuring a remote terminal working directory ...

7.7CVSS5.5AI score0.00044EPSS
Exploits0References5
Nuclei
Nucleiadded 3 days ago90 views

VMWare Workspace ONE UEM - Server-Side Request Forgery

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without...

7.5CVSS7.7AI score0.9384EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 3 days ago6 views

PT-2026-47861

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

7.8CVSS5.4AI score0.00021EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 3 days ago6 views

PT-2026-48119

Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remote terminal workspace candidate...

7.7CVSS5.5AI score0.00044EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 3 days ago5 views

PT-2026-48120

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the git discard function within api/workspace git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a...

5CVSS5.6AI score0.00012EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 3 days ago5 views

PT-2026-48121

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score0.00324EPSS
Exploits0References5
NVD
NVDadded 4 days ago7 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00053EPSS
Exploits0References2
NVD
NVDadded 4 days ago8 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00053EPSS
Exploits0References2
NVD
NVDadded 4 days ago8 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00128EPSS
Exploits0References2
Rows per page
Query Builder