4 matches found
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
CVE-2026-6832 Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
Hermes Web UI 路径遍历漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a path traversal vulnerability. This vulnerability stems from the /api/session/delete endpoint, where there is an issue with arbitrary file deletion. This allows authenticated attackers to...