Lucene search
+L

305 matches found

Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.10 views

PT-2026-24837

Name of the Vulnerable Software and Affected Versions ha-mcp versions prior to 7.0.0 Description ha-mcp is a Home Assistant MCP Server. The ha-mcp OAuth consent form beta feature accepts a user-supplied ha url and makes a server-side HTTP request to ha url/api/config without URL validation. An...

5.3CVSS6.2AI score0.00278EPSS
Exploits0References13
Veracode
Veracode
added 2026/02/23 7:52 a.m.7 views

Directory Traversal

homeassistant is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of file paths during concatenation in the Downloader integration, which allows an attacker to manipulate paths and access unintended files...

4CVSS5.9AI score0.00362EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.27 views

CVE-2023-50715

Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...

4.3CVSS6.5AI score0.00908EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/24 12:48 a.m.9 views

CVE-2025-65713

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

4CVSS6.9AI score0.00362EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/23 6:30 p.m.6 views

EUVD-2025-204808

Home Assistant Core before is vulnerable to Directory Traversal...

4CVSS6.4AI score0.00362EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2025/12/23 6:30 p.m.4 views

eq3btsmart (=0.0.0), hass-auth-synology (>=0.0.0 <=0.4.28) +5 more potentially affected by CVE-2025-65713 via homeassistant (>=0.83.3 <=2024.12.5)

homeassistant PYPI version =0.83.3, =0.0.0, =2021.4.0, =0.4.11, =1.2.0, =0.3.0, =0.13.85 Source cves: CVE-2025-65713 Source advisory: OSV:GHSA-PP3G-XMM4-5CW9...

4CVSS5.4AI score0.00362EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/12/23 6:30 p.m.13 views

Home Assistant Core before is vulnerable to Directory Traversal

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

4CVSS7AI score0.00362EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/12/23 6:30 p.m.8 views

GHSA-PP3G-XMM4-5CW9 Home Assistant Core before is vulnerable to Directory Traversal

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

8.3CVSS6.8AI score0.00362EPSS
Exploits1References7
NVD
NVD
added 2025/12/23 5:15 p.m.11 views

CVE-2025-65713

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

4CVSS0.00362EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/23 12:0 a.m.1 views

CVE-2025-65713

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

6.5AI score0.00362EPSS
Exploits1References2
CVE
CVE
added 2025/12/23 12:0 a.m.26 views

CVE-2025-65713

Summary. CVE-2025-65713 affects Home Assistant Core, specifically the Downloader integration within versions prior to 2025.8.0. The root cause is improper validation of file paths during path construction, enabling a directory traversal vulnerability. The public descriptions across several source...

4CVSS6.5AI score0.00362EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.7 views

Home Assistant 安全漏洞

Home Assistant is an open source home automation management system from Home Assistant Open Source. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2025.8.0 that stems from insufficient file path validation and...

4CVSS6.3AI score0.00362EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/23 12:0 a.m.32 views

CVE-2025-65713

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

0.00362EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.14 views

PT-2025-52771

Name of the Vulnerable Software and Affected Versions Home Assistant Core versions prior to 2025.8.0 Description The Downloader integration does not completely validate file paths when combining them, which creates a directory traversal issue. This allows unauthorized access to files outside the...

8.3CVSS6.6AI score0.00362EPSS
Exploits1References16
OSV
OSV
added 2025/12/23 12:0 a.m.7 views

CVE-2025-65713

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

4CVSS6.8AI score0.00362EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/10/14 7:36 p.m.13 views

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name

Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...

9.3CVSS6.1AI score0.00512EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/10/14 7:36 p.m.10 views

GHSA-MQ77-RV97-285M Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name

Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...

9.3CVSS6.1AI score0.00512EPSS
Exploits1References7
NVD
NVD
added 2025/10/14 4:15 p.m.11 views

CVE-2025-62172

Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...

9.3CVSS0.00512EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 3:14 p.m.1 views

CVE-2025-62172 Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name

Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...

9.3CVSS6.1AI score0.00512EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/14 3:14 p.m.14 views

CVE-2025-62172 Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name

Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...

9.3CVSS0.00512EPSS
Exploits0References1
Rows per page
Query Builder