3 matches found
EUVD-2026-35494
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
PT-2026-47853
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
PT-2026-28555
Name of the Vulnerable Software and Affected Versions MyTube versions prior to 1.8.71 Description MyTube is a self-hosted downloader and player for several video websites. Before version 1.8.71, an unauthenticated attacker could register an arbitrary passkey and subsequently authenticate with it ...