2 matches found
CVE-2026-49973 Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings
Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the setpassword parameter to the settings API endpoint without any network origin restriction. Attackers on any reachable netwo...
Hermes Web UI 访问控制错误漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.358 contained an access control vulnerability. This vulnerability stemmed from improper access control measures, allowing unauthorized remote attackers to initial...