Lucene search
K

9 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Hermes Web UI 访问控制错误漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.358 contained an access control vulnerability. This vulnerability stemmed from improper access control measures, allowing unauthorized remote attackers to initial...

9.4CVSS5.9AI score0.00543EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 4:46 p.m.15 views

CVE-2026-49959

Hermes WebUI prior to 0.51.311 is affected by a remote code execution vulnerability. Authenticated attackers can trigger arbitrary commands by placing a malicious executable Git configuration in a workspace repo’s .git/config. The issue arises from Git subprocess invocations in api/workspace_git....

8.8CVSS6.7AI score0.00945EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.270 contained security vulnerabilities. These vulnerabilities were due to a resource exhaustion issue, which could allow unauthenticated remote attackers to reduce the...

6.9CVSS5.4AI score0.00586EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.303 contained security vulnerabilities, which were caused by a TOCTOU race condition in the gitdiscard function. This vulnerability could allow attackers to delete file...

5CVSS5.3AI score0.00081EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.269 contained a path traversal vulnerability. This vulnerability stemmed from an issue with bypassing workspace boundaries, which could allow authentication attackers t...

7.7CVSS5.4AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Hermes Web UI 后置链接漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to v0.51.221 contained a backlink vulnerability. This vulnerability was caused by a path traversal issue, which could allow attackers to escape the working area’s boundaries by...

7.1CVSS5.2AI score0.00323EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...

6.5CVSS5.9AI score0.00376EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a security vulnerability that arises from the fact that environment variables of the active configuration file are not cleared before the next configuration file is loaded when switching...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a path traversal vulnerability. This vulnerability stems from the /api/session/delete endpoint, where there is an issue with arbitrary file deletion. This allows authenticated attackers to...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References1
Rows per page
Query Builder