4 matches found
EUVD-2022-3076
Malicious code in bioql PyPI...
CVE-2023-41897
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...
CVE-2023-44385
The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this...
PT-2023-28153
Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2023.9.0 Description The issue concerns the omission of HTTP security headers, including the X-Frame-Options header, in Home Assistant server. This omission facilitates covert clickjacking attacks and other...