Vulnerabilities in nesquena
15 results

CVE-2026-49959 | HIGH | Hermes WebUI < 0.51.311 RCE via Git Configuration Injection | EPSS 0.9%
CVE-2026-49955 | MEDIUM | Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options | EPSS 0.6%
CVE-2026-49973 | CRITICAL | Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings | EPSS 0.5%
CVE-2026-6832 | HIGH | Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id | EPSS 0.5%
CVE-2026-49957 | MEDIUM | Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py | EPSS 0.4%
CVE-2026-22677 | MEDIUM | Hermes WebUI < 0.51.44 Path Traversal via Session Import Endpoint | EPSS 0.4%
CVE-2026-53871 | HIGH | Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie | EPSS 0.4%
CVE-2026-11322 | HIGH | Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass | EPSS 0.3%
CVE-2026-55205 | MEDIUM | Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint | EPSS 0.3%
CVE-2026-55197 | HIGH | Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint | EPSS 0.3%
CVE-2026-55198 | HIGH | Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint | EPSS 0.3%
CVE-2026-49956 | HIGH | Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search | EPSS 0.3%
CVE-2026-6829 | MEDIUM | nesquena hermes-webui Arbitrary Workspace Directory Access | EPSS 0.3%
CVE-2026-6830 | MEDIUM | Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch | EPSS 0.1%
CVE-2026-49958 | MEDIUM | Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard | EPSS 0.1%