Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:31 p.m.11 views

EUVD-2026-35497

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS0.00272EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 4:10 p.m.10 views

CVE-2026-49956 Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47854

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.269 contained security vulnerabilities. These vulnerabilities were caused by a configuration file isolation bypass issue, which could allow authenticated users to acces...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/12 9:0 p.m.14 views

CVE-2024-29023 Session Hijacking via token exposure on the session page in Xibo CMS

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be...

7.2CVSS7.2AI score0.00802EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.7 views

PT-2024-22677 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.10 Xibo versions prior to 4.0.9 Xibo version 1.8 Xibo version 2.3 Description: Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens...

7.2CVSS7.2AI score0.00802EPSS
Exploits0References11
OSV
OSV
added 2022/03/20 12:15 a.m.3 views

CVE-2022-24126

A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170...

9.8CVSS7.8AI score
Exploits0References2
Rows per page
Query Builder