9 matches found
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
CVE-2026-6832 Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
Hermes Web UI 路径遍历漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a path traversal vulnerability. This vulnerability stems from the /api/session/delete endpoint, where there is an issue with arbitrary file deletion. This allows authenticated attackers to...
PT-2026-34195
Name of the Vulnerable Software and Affected Versions Hermes WebUI affected versions not specified Description An arbitrary file deletion issue exists in the '/api/session/delete' endpoint. Authenticated attackers can delete files outside the session directory by providing an absolute path or pat...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001635)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001635 advisory. In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privile...
The vulnerability of the l2tp_session_delete function (l2tp_core.c) in the Android operating system’s kernel allows a hacker to increase their privileges.
The vulnerability of the l2tpsessiondelete function l2tpcore.c in the Android operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
DEBIAN-CVE-2020-0429
In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
UBUNTU-CVE-2020-0429
In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...