Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclos...
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote a...
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profi...
Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversa...
Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin val...
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...
Proof of concept that demonstrates a vulnerability in D-Link DSL2600U routers with firmware version 1.08 that allows unauthenticated attackers to d...
This Metasploit module exploits an authenticated server-side request forgery vulnerability in EspoCRM versions up to 9.3.3. The vulnerability exist...
This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue...
This Python exploit targets a vulnerability in Grav CMS versions prior to 2.0.0-beta.2 by abusing the administrative Direct Install plugin feature ...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning โ all in one platform.
