39 matches found
CVE-2026-27600 HomeBox affected by Blind SSRF
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...
CVE-2026-26272
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...
CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...
HomeBox Security Vulnerability
HomeBox is an open-source system developed by SysAdmins Media for home users. Versions of HomeBox prior to 0.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the identity authentication rate limiter unconditionally reading and trusting headers like X-Real-IP, with...
HomeBox Cross-Site Scripting Vulnerability
HomeBox is an open-source project developed by SysAdmins Media, designed for home users. Versions of HomeBox prior to 0.24.0-rc.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the project’s attachment upload feature, where the types of uploaded files were not...
PT-2026-22774
Name of the Vulnerable Software and Affected Versions: HomeBox versions prior to 0.24.0-rc.1 Description: HomeBox is a home inventory and organization system. The notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. There is ...
PT-2026-22775
Name of the Vulnerable Software and Affected Versions: HomeBox versions prior to 0.24.0 Description: HomeBox, a home inventory and organization system, has an issue where the authentication rate limiter (authRateLimiter) incorrectly identifies client IP addresses. The rate limiter uses the X-Real-IP...
HomeBox Code Issue Vulnerability
HomeBox is an open-source system developed by SysAdmins Media for home users. Versions of HomeBox prior to 0.24.0-rc.1 contained code vulnerabilities. These vulnerabilities stemmed from the notification program’s functionality, which allowed authenticated users to specify arbitrary URLs without...
CVE-2025-53108
HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item...
CVE-2025-53108 HomeBox Missing User Authorization
HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item...
CVE-2025-53108
CVE-2025-53108 (HomeBox): A missing authorization check in the HomeBox API endpoints for updating and deleting inventory item attachments allows authenticated users to act on attachments owned by others, leading to potential unauthorized data manipulation or loss of inventory data. The issue is ...
HomeBox Security Vulnerability
HomeBox is a SysAdmins Media open source inventory and organization system built for home users. A security vulnerability exists in HomeBox versions prior to 0.20.1, which stems from a lack of authorization checking and could lead to unauthorized data manipulation...
PT-2025-27638 · Homebox · Homebox
Name of the Vulnerable Software and Affected Versions: HomeBox versions prior to 0.20.1 Description: The issue is related to a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform...
SA-CONTRIB-2011-044 - Homebox for Organic Groups Cross Site Scripting
Homebox allows site administrators to create dashboards for their users, using blocks as widgets. Blocks in a Homebox page are resizeable, and reorderable by dragging. Homebox OG is a submodule of Homebox which allows Organic Groups administrators to specify a Homebox to be used as the group...