Known Vulnerabilities for Hermes-webui by Nesquena
Listed below are 10 of the newest known vulnerabilities associated with "Hermes-webui" by "Nesquena".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-58174 json | Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the... | Not Provided | 2026-06-30 | 2026-06-30 |
| CVE-2026-58123 json | Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to ... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-58122 json | Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to ... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-55205 json | Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/s... | Not Provided | 2026-06-18 | 2026-06-18 |
| CVE-2026-55198 json | Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authen... | Not Provided | 2026-06-17 | 2026-06-17 |
| CVE-2026-55197 json | Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenti... | Not Provided | 2026-06-17 | 2026-06-17 |
| CVE-2026-55196 json | Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows un... | Not Provided | 2026-06-17 | 2026-06-23 |
| CVE-2026-53871 json | Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts... | Not Provided | 2026-06-17 | 2026-06-18 |
| CVE-2026-49973 json | Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote att... | Not Provided | 2026-06-11 | 2026-06-13 |
| CVE-2026-49959 json | Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to ex... | Not Provided | 2026-06-09 | 2026-06-09 |