Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-55196

Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass

Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote a...

hermes-webui hermes-webui CVE
HIGH 8.6 CVE-2026-53871

Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profi...

nesquena hermes-webui CVE
MEDIUM 6.8 CVE-2026-53870

Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files

Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversa...

NousResearch hermes-agent CVE
HIGH 8.7 CVE-2026-53869

Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin val...

NousResearch hermes-agent CVE
HIGH 7.5 CVE-2026-48818

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as...

Kludex starlette < 1.1.0 CVE
MEDIUM 4.3 CVE-2026-12117

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate ...

Devolutions Devolutions Server 2026.2.0 CVE
MEDIUM 6.5 CVE-2026-12105

CVE-2026-12105

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with ...

Devolutions Devolutions Server CVE
MEDIUM 4.3 CVE-2026-11890

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve accou...

Devolutions Devolutions Server CVE
MEDIUM 6.5 CVE-2026-47340

Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allows authenticated users to access alert instances associated with alert groups they do not have permission to access in Apache DolphinScheduler....

Apache Software Foundation Apache DolphinScheduler CVE
MEDIUM 6.5 CVE-2026-42357

Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to acc...

Apache Software Foundation Apache DolphinScheduler CVE