Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-58122

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday6 views

CVE-2026-58122

CVE-2026-58122 affects Hermes WebUI prior to 0.51.307. An authentication bypass allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by spoofing X-Forwarded-For with a loopback address. Exploitation enables server-side request forgery against ...

9.3CVSS6AI score
Exploits0References4
OSV
OSV
added 2026/05/21 6:31 p.m.9 views

MAL-2026-4607 Malicious code in maxixy-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b8df03da54eaa00b887a27395e7b7c42b02a982b1e9df9d82a5b0c243d0ba95 maxixy-cli is a wholesale rebrand of QwenLM/qwen-code itself a fork of google-gemini/gemini-cli with the Qwen OAuth device-flow base URL hardcoded to...

5.9AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/03/25 11:34 a.m.9 views

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, wit...

5.8AI score
Exploits0
Rows per page
Query Builder