3254 matches found
Home Assistant HACS - Local File Inclusion
Home Assistant before 2021.1.3 lacks a protection layer against directory-traversal attacks in custom integrations, letting attackers access arbitrary files, exploit requires attacker to deploy malicious custom integration. id: CVE-2021-3152 info: name: Home Assistant HACS - Local File Inclusion...
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...
LG LED Assistant - Thumbnail Path Traversal File Upload
A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed. id: CVE-2024-2863 info: name: LG LED Assistant - Thumbnail...
AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...
WordPress Media Library Assistant <= 3.34 - SQL Injection
David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...
Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion
A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...
LG LED Assistant - Unauthenticated Password Reset
The /api/changePw endpoint in LG LED Assistant allows unauthenticated password resets when requests are considered to come from localhost. An attacker can spoof the X-Forwarded-For header with value 127.0.0.1 to trigger the behavior and receive a success response. id: CVE-2024-2862 info: name: LG...
EUVD-2026-43548
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-10660
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...
CVE-2026-10660
The CVE-2026-10660 issue affects the Zephyr Bluetooth BAP Broadcast Assistant GATT client (subsys/bluetooth/audio/bap_broadcast_assistant.c). A single static net_buf_simple buffer (att_buf, BT_ATT_MAX_ATTRIBUTE_LEN = 512) is shared across all connections; per-connection state (BUSY flag, long-rea...
CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...
CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...
CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...
EUVD-2026-42974
Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...
EUVD-2026-42511
The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...
PYSEC-2026-1454 Home Assistant Core before is vulnerable to Directory Traversal
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...
PYSEC-2026-1452 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
Summary Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...
PYSEC-2026-1451 User accounts disclosed to unauthenticated actors on the LAN
Summary The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details Starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...
CVE-2026-55844
The Home Assistant iOS companion app prior to 2025.5.0 ignores the SSID allowlist for internal networks. It uses SSID to decide when to use the internal URL, but if no other URL is available it falls back to the internal URL, which can expose the user’s token on unsecure networks. Affected compon...