CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

283 matches found

Home Assistant HACS - Local File Inclusion

Home Assistant before 2021.1.3 lacks a protection layer against directory-traversal attacks in custom integrations, letting attackers access arbitrary files, exploit requires attacker to deploy malicious custom integration. id: CVE-2021-3152 info: name: Home Assistant HACS - Local File Inclusion...

5.3CVSS6.2AI score0.27878EPSS

Exploits0References4

RedhatCVE•added last week•6 views

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

9.6CVSS6.1AI score0.00046EPSS

Exploits1References1

NVD•added last week•8 views

CVE-2026-44698

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

8.3CVSS0.0002EPSS

Exploits0References1

ATTACKERKB•added last week•4 views

CVE-2026-44698

8.3CVSS6.1AI score0.0002EPSS

Exploits0References2Affected Software3

CVE•added last week•24 views

CVE-2026-44698

CVE-2026-44698 affects the Home Assistant Companion apps for Android and iOS, where a JavaScript bridge exposed to in-app WebView could be reached by all frames. The root cause is the bridge exposure along with unsanitized interpolation of the JavaScript callback identifier, allowing a cross-orig...

8.3CVSS6.1AI score0.0002EPSS

Exploits0References1

Vulnrichment•added last week•5 views

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

8.3CVSS6.1AI score0.0002EPSS

Exploits0References1

Cvelist•added last week•26 views

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

8.3CVSS0.0002EPSS

Exploits0References1

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Home Assistant 安全漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Versions of Home Assistant prior to 2026.4.1 for iOS and 2026.4.4 for Android have security vulnerabilities. These vulnerabiliti...

8.3CVSS6.1AI score0.0002EPSS

Exploits0References1

Positive Technologies•added 2026/05/29 12:0 a.m.•5 views

PT-2026-44845

Name of the Vulnerable Software and Affected Versions Home Assistant Companion app for iOS versions prior to 2026.4.1 Home Assistant Companion app for Android versions prior to 2026.4.4 Description The Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app...

8.3CVSS6AI score0.0002EPSS

Exploits0References4

NVD•added 2026/05/28 6:16 p.m.•8 views

CVE-2026-45323

9.6CVSS0.00046EPSS

Exploits1References1

Vulnrichment•added 2026/05/28 4:54 p.m.•5 views

CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name

9.6CVSS6.1AI score0.00046EPSS

Exploits1References1

EUVD•added 2026/05/28 4:54 p.m.•7 views

EUVD-2026-32972

9.6CVSS6.1AI score0.00046EPSS

Exploits1References1

Cvelist•added 2026/05/28 4:54 p.m.•24 views

CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name

9.6CVSS0.00046EPSS

Exploits1References1

CVE•added 2026/05/28 4:54 p.m.•7 views

CVE-2026-45323

Summary: CVE-2026-45323 affects MeshCore Card for Home Assistant. Before version 0.3.3, node names in the meshcore-card were rendered without HTML escaping, enabling an attacker within direct or indirect (repeated) radio range to inject arbitrary JavaScript in the Home Assistant frontend of any v...

9.6CVSS6.1AI score0.00046EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/28 4:54 p.m.•6 views

CVE-2026-45323

9.6CVSS6.1AI score0.00046EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/05/28 12:0 a.m.•4 views

MeshCore Card 跨站脚本漏洞

The MeshCore Card is a Home Assistant card developed by John Pettitt, designed to display statistical data related to the MeshCore grid network. Versions of the MeshCore Card prior to 0.3.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the names of...

9.6CVSS5.9AI score0.00046EPSS

Exploits1References2

NVD•added 2026/05/16 4:16 p.m.•6 views

CVE-2021-47942

Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...

8.7CVSS0.00113EPSS

Exploits1References4

ATTACKERKB•added 2026/05/16 3:28 p.m.•6 views

CVE-2021-47942

8.7CVSS5.8AI score0.00113EPSS

Exploits1References4

Vulnrichment•added 2026/05/16 3:28 p.m.•3 views

CVE-2021-47942 Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

8.7CVSS5.8AI score0.00113EPSS

Exploits1References4

CVE•added 2026/05/16 3:28 p.m.•7 views

CVE-2021-47942

CVE-2021-47942 concerns Home Assistant Community Store (HACS) 1.10.0. The vulnerability is a path traversal flaw exposed via the /hacsfiles/ endpoint, allowing unauthenticated attackers to read sensitive files (notably .storage/auth) and retrieve credentials/refresh tokens. With this access, an a...

8.7CVSS5.8AI score0.00113EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by