
5 matches found

Cvelist
added 2026/06/17 5:59 p.m. | 19 views

CVE-2026-55198 Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

CVSS 7.1 | EPSS 0.00272
Exploits: 0 | References: 5
EUVD
added 2026/02/24 12:32 a.m. | 5 views

EUVD-2026-7458

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /checkprofileold.php. The manipulation of the argument profileid leads to SQL injection. Remote exploitation of the attack is...

CVSS 7.5 | AI score 7.2 | EPSS 0.00333
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-5249

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.01413
Exploits: 0 | References: 4
Code423n4
added 2022/02/16 12:00 a.m. | 7 views

It's possible to follow deleted profiles

Vulnerability details: When someone tries to follow a profile, it checks if the handle exists, and if it doesn't, it reverts because the profile is deleted. The problem is that there might be a new profile with the same handle as the deleted one, allowing following deleted profiles...

AI score 6.8
Exploits: 0
NVD
added 2018/07/05 5:29 p.m. | 22 views

CVE-2018-13301

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.01413
Exploits: 0 | References: 2