CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file.
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks. Attackers can configure a remote terminal working directory to a system directory, enabling access to local system files.
In FreeSWITCH versions prior to 1.11.1, there is a vulnerability that allows remote denial of service by sending a single unauthenticated WebSocket frame containing a deeply nested JSON document. This causes a stack overflow, terminating all calls and sessions on the host.
In versions prior to 1.11.1, the mod_verto module in FreeSWITCH did not properly check authentication for the speed test protocol, allowing unauthorized users to request large amounts of data.
In versions prior to 1.11.0, FreeSWITCH has a vulnerability related to the processing of STUN packets that can lead to unauthorized memory access. The issue arises when the declared attribute length in the packet is shorter than the structure, causing reads and writes beyond the attribute's boundaries.
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
A use after free vulnerability in Windows Kernel allows an authorized attacker to elevate privileges locally.
An improper access control vulnerability in Windows Secure Boot allows an authorized attacker to elevate privileges locally.
A vulnerability in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. No CWE identifier is assigned for this issue.
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
A vulnerability in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. No CWE identifier has been assigned for this issue.
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.

