Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/05/14 2:21 a.m.9 views

CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 9:44 p.m.36 views

CVE-2026-6832 Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS0.00475EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:44 p.m.2 views

CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a path traversal vulnerability. This vulnerability stems from the /api/session/delete endpoint, where there is an issue with arbitrary file deletion. This allows authenticated attackers to...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.4 views

PT-2026-34195

Name of the Vulnerable Software and Affected Versions Hermes WebUI affected versions not specified Description An arbitrary file deletion issue exists in the '/api/session/delete' endpoint. Authenticated attackers can delete files outside the session directory by providing an absolute path or pat...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001635 advisory. In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privile...

6.7CVSS7AI score0.00176EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/04/01 12:0 a.m.5 views

The vulnerability of the l2tp_session_delete function (l2tp_core.c) in the Android operating system’s kernel allows a hacker to increase their privileges.

The vulnerability of the l2tpsessiondelete function l2tpcore.c in the Android operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

6.8CVSS6.6AI score0.00176EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/09/17 7:15 p.m.3 views

DEBIAN-CVE-2020-0429

In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

6.7CVSS7AI score0.00176EPSS
Exploits0References1
OSV
OSV
added 2020/09/17 7:15 p.m.3 views

UBUNTU-CVE-2020-0429

In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

6.7CVSS6.9AI score0.00176EPSS
Exploits0References5
Rows per page
Query Builder