Medium CVE-2026-49958 Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Medium] CVE-2026-49958 – Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTO...

VERWANDTEARTIKEL

CVE-2026-50752

CVE-2026-9740 - Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

CVE-2026-9753 - Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

[Medium] CVE-2026-47905 – CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are af...

[High] CVE-2026-34713 – CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are af...

[Medium] CVE-2026-25860 – OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability i...