Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote a...
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profi...
Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversa...
Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin val...
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...
Proof of concept that demonstrates a vulnerability in D-Link DSL2600U routers with firmware version 1.08 that allows unauthenticated attackers to d...
This Metasploit module exploits an authenticated server-side request forgery vulnerability in EspoCRM versions up to 9.3.3. The vulnerability exist...
This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue...
This Python exploit targets a vulnerability in Grav CMS versions prior to 2.0.0-beta.2 by abusing the administrative Direct Install plugin feature ...
This Metasploit module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, ...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning โ all in one platform.
