Lucene search
K

7040 matches found

Nuclei
Nuclei
added 15 hours ago39 views

Home Assistant HACS - Local File Inclusion

Home Assistant before 2021.1.3 lacks a protection layer against directory-traversal attacks in custom integrations, letting attackers access arbitrary files, exploit requires attacker to deploy malicious custom integration. id: CVE-2021-3152 info: name: Home Assistant HACS - Local File Inclusion...

5.3CVSS6.2AI score0.02231EPSS
Exploits0References4
Nuclei
Nuclei
added 15 hours ago19 views

ECT Home Page Products - Reflected XSS

ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit...

6.1CVSS7.1AI score0.00577EPSS
Exploits1References1
OSV
OSV
added yesterday3 views

PYSEC-2026-1454 Home Assistant Core before is vulnerable to Directory Traversal

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

8.3CVSS6AI score0.00362EPSS
Exploits1References9
OSV
OSV
added yesterday3 views

PYSEC-2026-1452 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs

Summary Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...

7CVSS6AI score0.00229EPSS
Exploits0References6
OSV
OSV
added yesterday4 views

PYSEC-2026-1451 User accounts disclosed to unauthenticated actors on the LAN

Summary The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details Starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...

4.3CVSS6AI score0.00908EPSS
Exploits1References6
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41749

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-14744 code-projects Real State Services normalHomeRent.php sql injection

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-14743

A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might ...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
CVE
CVE
added 3 days ago13 views

CVE-2026-14743

CVE-2026-14743 affects the code-projects Real State Services 1.0. The vulnerability is a SQL injection in an unknown function of the file /normalHomeSale.php triggered by manipulating the loc argument. Exploitation can be performed remotely, and public exploit code is available. The provided docu...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

Anthropic Claude Code 2.1.38 < 2.1.163 Sandbox Escape (CVE-2026-55607)

The version of Anthropic Claude Code installed on the remote host is 2.1.38 prior to 2.1.163. It is, therefore, affected by a sandbox escape vulnerability: - Claude Code's worktree handling allowed creation of worktrees named '.git' and navigation to worktrees outside the sandbox context, enablin...

8.8CVSS6.4AI score0.00765EPSS
Exploits0References2
The Hacker News
The Hacker News
added 6 days ago12 views

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Google has significantly degraded NetNut , one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group GTIG said this week it had reduced the network's pool of usable devices by...

6AI score
Exploits0
NVD
NVD
added 2026/06/29 3:16 p.m.7 views

CVE-2026-55607

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

8.8CVSS0.00765EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 2:19 p.m.31 views

CVE-2026-55844 Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to ...

7.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 2:19 p.m.14 views

CVE-2026-55844

The Home Assistant iOS companion app prior to 2025.5.0 ignores the SSID allowlist for internal networks. It uses SSID to decide when to use the internal URL, but if no other URL is available it falls back to the internal URL, which can expose the user’s token on unsecure networks. Affected compon...

7.5CVSS5.8AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:4 p.m.8 views

CVE-2026-55607

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.3AI score0.00765EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 2:4 p.m.7 views

EUVD-2026-40117

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.3AI score0.00765EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 2:4 p.m.32 views

CVE-2026-55607 Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS0.00765EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 2:4 p.m.34 views

CVE-2026-55607

CVE-2026-55607 affects Claude Code 2.1.38–2.1.163; worktree handling allowed creation of ".git" worktrees and navigation outside the sandbox, enabling git directory confusion. Exploit via symlink manipulation and git fsmonitor during worktree operations could overwrite home-dir files (e.g., .zshe...

8.8CVSS6.3AI score0.00765EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-414 misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53283

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2025.5.0 Description The iOS companion app fails to respect the SSID allowlist for internal networks. While the app typically uses the Service Set Identifier SSID—the public name of a wireless network—to...

7.5CVSS5.8AI score0.00161EPSS
Exploits0References5
Rows per page
Query Builder