EUVD-2026-9335

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

CVE-2026-27600 HomeBox affected by Blind SSRF

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

CVE-2026-22249

CVE-2026-22249—Docmost is affected in versions 0.21.0 through before 0.24.0. The vulnerability stems from an Arbitrary File Write via Zip Import (ZipSlip) in the import utility, where filename validation is missing in apps/server/src/integrations/import/utils/file.utils.ts. This can enable unauth...

Linux Distros Unpatched Vulnerability : CVE-2024-29421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code. CVE-2024-29421...