Home Assistant HACS - Local File Inclusion

Home Assistant before 2021.1.3 lacks a protection layer against directory-traversal attacks in custom integrations, letting attackers access arbitrary files, exploit requires attacker to deploy malicious custom integration. id: CVE-2021-3152 info: name: Home Assistant HACS - Local File Inclusion...

CVE-2015-3152

creationtimestamp| type| source ---|---|--- 2026-05-22 12:39:13+00:00| seen| https://gist.github.com/rayepenber095/9265581788dc4d7e014abf52554d8b7f...

CVE-2021-3152

creationtimestamp| type| source ---|---|--- 2026-04-22 08:43:03+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-3152.yaml 2026-04-23 21:03:09+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwthxjx2x...

CVE-2026-3152

creationtimestamp| type| source ---|---|--- 2026-02-25 16:40:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mfp4o5hsbh2h...

openSUSE Security Advisory (SUSE-SU-2026:0290-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:0280-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2026:0280-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2015-8704

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-3152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before...

CVE-2021-3152

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...

RHEL 6 / 7 : mariadb55-mariadb (RHSA-2015:1647)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1647 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client...

CVE-2025-3152

creationtimestamp| type| source ---|---|--- 2025-04-03 08:34:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10191 2025-04-03 11:03:05+00:00| seen| https://t.me/cvedetector/21949...

CVE-2025-3152

A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to...

CVE-2025-3152 caipeichao ThinkOX Search search.html cross site scripting

A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to...

CVE-2025-3152

CVE-2025-3152 affects Caipeichao ThinkOX 1.0, specifically the Search component at /ThinkOX-master/index.php?s=/Weibo/Index/search.html. The vulnerability arises from manipulation of the keywords argument, enabling cross-site scripting. It can be triggered remotely and the exploit has been disclo...

CVE-2025-3152 caipeichao ThinkOX Search search.html cross site scripting

A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to...

CVE-2023-3152

creationtimestamp| type| source ---|---|--- 2025-01-06 20:50:34+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/230...

CVE-2024-3152

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...