Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.7 views

CVE-2026-27600

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS6.1AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.4 views

CVE-2026-26272

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/04 3:33 a.m.2 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force via the authentication rate limiting process. An attacker can bypass authentication rate limiting by forging the X-Real-IP header, allowing unlimited authentication attempts from a single source. Remediation Upgrade...

9.1CVSS5.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 12:27 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

5.3CVSS6AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 12:27 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

5.3CVSS6AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/03/03 11:15 p.m.10 views

CVE-2026-27600

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/03 10:23 p.m.25 views

CVE-2026-27600 HomeBox affected by Blind SSRF

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 10:23 p.m.11 views

EUVD-2026-9335

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS6.1AI score0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:23 p.m.4 views

CVE-2026-27600

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS6.1AI score0.00187EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/03 10:20 p.m.18 views

CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

4.6CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/03 10:20 p.m.5 views

CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 10:20 p.m.5 views

CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.10 views

HomeBox 跨站脚本漏洞

HomeBox is an open-source project developed by SysAdmins Media, designed for home users. Versions of HomeBox prior to 0.24.0-rc.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the project’s attachment upload feature, where the types of uploaded files were not...

5.4CVSS5.7AI score0.00166EPSS
Exploits0References2
Rows per page
Query Builder