Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-49955

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:5 p.m.8 views

CVE-2026-49955 Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 4:5 p.m.31 views

CVE-2026-49955

Hermes WebUI vulnerable before version 0.51.270 to resource exhaustion via the passkey/options endpoint. Unauthenticated remote attackers can degrade availability by repeatedly posting to the authentication endpoint, causing unbounded growth of the challenge store and high CPU/disk I/O due to rep...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 4:5 p.m.35 views

CVE-2026-49955 Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS0.00586EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.270 contained security vulnerabilities. These vulnerabilities were due to a resource exhaustion issue, which could allow unauthenticated remote attackers to reduce the...

6.9CVSS5.4AI score0.00586EPSS
Exploits0References1
Rows per page
Query Builder