47 matches found
CVE-2026-40196
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
Incorrect Ownership Assignment
Overview Affected versions of this package are vulnerable to Incorrect Ownership Assignment through improper validation of the defaultGroup ID after group access revocation. An attacker can gain unauthorized access to group collections and perform full CRUD operations by omitting the X-Tenant...
CVE-2026-40196
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
CVE-2026-40196
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
EUVD-2026-23539
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
CVE-2026-40196 HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
CVE-2026-40196 HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
CVE-2026-40196
HomeBox (home inventory system) versions prior to 0.25.0 are affected by an access control flaw where a user’s defaultGroup ID remains assigned after being invited to a group, and revocation via the web interface does not apply to the API. The root cause is that the original group ID persists as ...
CLEANSTART-2026-KD93706 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.25.0-r0
Multiple security vulnerabilities affect the esbuild package. These issues are resolved in later releases. See references for individual vulnerability details...
[SECURITY] Fedora 42 Update: rust-bat-0.25.0-9.fc42
A cat(1) clone with wings...
CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...
CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...
CVE-2026-24045
Docmost 0.25.0 fixes a stored XSS on the public share page where page titles are inserted into meta and title tags without proper HTML escaping. Affected: Docmost prior to 0.25.0. Severity: high (CVSS 3.1 base 7.3). Impact: arbitrary JavaScript execution in the context of any user who opens a sha...
Docmost Security Vulnerability
Docmost is open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.25.0 contained security vulnerabilities, which were caused by insufficient HTML escaping, potentially leading to stored XSS attacks...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...
[SECURITY] Fedora 43 Update: docker-buildkit-0.25.0-1.fc43
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...
Fedora 43 : docker-buildkit (2025-f7a2d648e7)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f7a2d648e7 advisory. - Update to release v0.25.0 - Resolves: rhbz2399354, rhbz2399081, rhbz2398678, rhbz2398424 - Upstream feature additions and fixes Tenable has...
[SECURITY] Fedora 41 Update: docker-buildkit-0.25.0-1.fc41
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...
[SECURITY] Fedora 42 Update: docker-buildkit-0.25.0-1.fc42
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...