11 matches found

RedhatCVE
added 2026/05/14 7:58 p.m., 6 views

CVE-2026-22677

Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace fie...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 1
EUVD
added 2026/05/13 9:32 p.m., 5 views

EUVD-2026-30109

Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 5
NVD
added 2026/05/13 7:17 p.m., 8 views

CVE-2026-22677

Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace fie...

CVSS 6.5, EPSS 0.00376
Exploits: 0, References: 4
Vulnrichment
added 2026/05/13 7:8 p.m., 7 views

CVE-2026-22677 Hermes WebUI < 0.51.44 Path Traversal via Session Import Endpoint

Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace fie...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 4
CVE
added 2026/05/13 7:8 p.m., 6 views

CVE-2026-22677

Hermes WebUI prior to version 0.51.44 (Release T) contains a path traversal vulnerability in the session import endpoint. An authenticated attacker can import a crafted session with an unrestricted workspace value, allowing access to arbitrary files readable by the WebUI process. Attackers can s...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 4
Cvelist
added 2026/05/13 7:8 p.m., 27 views

CVE-2026-22677 Hermes WebUI < 0.51.44 Path Traversal via Session Import Endpoint

Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace fie...

CVSS 6.5, EPSS 0.00376
Exploits: 0, References: 4
ATTACKERKB
added 2026/05/13 7:8 p.m., 4 views

CVE-2026-22677

Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace fie...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 5
Positive Technologies
added 2026/05/13 12:0 a.m., 8 views

PT-2026-40774

Name of the Vulnerable Software and Affected Versions: Hermes WebUI versions prior to 0.51.44 Release T. Description: A path traversal issue exists in the session import endpoint. Authenticated attackers can read arbitrary files by importing a crafted session containing an unrestricted workspace...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 6
CNNVD
added 2026/05/13 12:0 a.m., 8 views

Hermes Web UI Path Traversal Vulnerability

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 5
Hacker One
added 2026/04/08 1:18 p.m., 42 views

curl: libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire

Summary: curl_easy_ssls_import deserializes a TLS session blob and stores it in the in-memory session cache. In Curl_ssl_session_unpack lib/vtls/vtls_spack.c:311, the valid_until field is read as uint64_t and cast directly to curl_off_t int64_t with no bounds check — so a crafted blob encoding valid_until =...

AI score 5.9
Exploits: 0
OSV
added 2020/06/10 1:15 p.m., 5 views

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable to a Server Side Request Forgery attack wherein an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce...

CVSS 9.8, AI score 7.1, EPSS 0.01439
Exploits: 0, References: 2