9 matches found
CVE-2026-27796
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...
CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...
CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...
CVE-2026-27796
Summary: Vulnerability in Homarr prior to v1.54.0 where the integration.all tRPC endpoint was exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations (internal URLs, names, service types). This information disclosure impact is stated as ...
CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...
CVE-2026-26188 Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations)
Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are...
Cross-site Scripting (XSS)
Overview: solspace/craft-freeform is a flexible and user-friendly form building plugin! Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the use of the dangerouslySetInnerHTML function in various client and plugin page components. An attacker can execute arbitrar...
CA ERwin Web Portal MIMM ConfigServiceProviderServlet Remote File Creation/Overwrite Vulnerability
This vulnerability allows remote attackers to overwrite arbitrary .xml files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta...
CA ERwin Web Portal MIMM downloadScriptFile.do Information Disclosure Vulnerability
This vulnerability allows remote attackers to read nearly any system file, including database credentials, on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific fl...