
8 matches found

RedhatCVE
added 2026/03/09 8:1 a.m., 1 view

CVE-2026-27797

Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive e.g., reaching...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits: 1, References: 1

NVD
added 2026/03/07 6:16 a.m., 2 views

CVE-2026-27796

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

CVSS 7.5, EPSS 0.00025
Exploits: 1, References: 3

Positive Technologies
added 2026/03/07 12:0 a.m., 4 views

PT-2026-23830

Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive e.g., reaching...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits: 1, References: 4

CVE
added 2025/12/17 9:9 p.m., 6 views

CVE-2025-67493

CVE-2025-67493 affects Homarr before version 1.45.3. The issue arises from missing sanitization of inputs in LDAP search queries, enabling a malicious user with account access to escalate privileges and access groups of other users. Affected software is the Homarr dashboard; root cause is input h...

CVSS 9, AI score 6.8, EPSS 0.00071
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/12/17 9:9 p.m., 1 view

EUVD-2025-203997

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input that allowed privilege escalation and access to the groups of other users, due to missing sanitization of inputs in the LDAP search query. The vulnerability could impact all instances using ldap...

CVSS 7.5, AI score 6.7, EPSS 0.00071
Exploits: 0, References: 1

Positive Technologies
added 2025/12/17 12:0 a.m., 4 views

PT-2025-51916

Name of the Vulnerable Software and Affected Versions: Homarr versions prior to 1.45.3. Description: A flaw exists in Homarr dashboard that, before version 1.45.3, could allow privilege escalation and access to other users' groups. This is due to insufficient input sanitization within the LDAP searc...

CVSS 7.5, AI score 6.7, EPSS 0.00071
Exploits: 0, References: 4

Positive Technologies
added 2025/11/19 12:0 a.m., 3 views

PT-2025-47516

Name of the Vulnerable Software and Affected Versions: Homarr versions prior to 1.43.3. Description: A stored cross-site scripting (XSS) issue exists in Homarr Dashboard. The issue allows the execution of arbitrary JavaScript in a user's browser with minimal user interaction. This is due to the...

CVSS 8.1, AI score 5.6, EPSS 0.00057
Exploits: 0, References: 5

CNVD
added 2019/09/04 12:0 a.m., 1 view

WTF Authorization Problem Vulnerability

WTF is an open source terminal-based dashboard utility program. The program supports monitoring system, service and other information. WTF is vulnerable to an authorization issue. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a networked...

CVSS 5.5, AI score 6.7, EPSS 0.00046
Exploits: 1, References: 1