Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.7 views

CVE-2026-27600

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS6.1AI score0.00187EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/04 12:27 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

5.3CVSS6AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/03/03 11:15 p.m.10 views

CVE-2026-27600

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 10:23 p.m.11 views

EUVD-2026-9335

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS6.1AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/03/03 10:23 p.m.20 views

CVE-2026-27600

CVE-2026-27600 : In HomeBox, prior to version 0.24.0-rc.1, the notifier allows authenticated users to specify arbitrary URLs for HTTP POST requests without validating host/IP/port. This can yield a behavioral side-channel that enables internal service enumeration, as the UI behavior varies with t...

5CVSS6.1AI score0.00187EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:23 p.m.4 views

CVE-2026-27600

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS6.1AI score0.00187EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/25 10:18 a.m.11 views

CVE-2025-5350

SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...

5.9CVSS5.6AI score0.00583EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18779

Malicious code in bioql PyPI...

7.8CVSS6.5AI score0.00526EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27285

Malicious code in bioql PyPI...

6.8CVSS6.4AI score0.00846EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/11/07 12:0 a.m.6 views

PT-2025-26457 · Selea · Targa 710 Inox +9

Name of the Vulnerable Software and Affected Versions: Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB affected versions not specified Description: A server-side request forgery SS...

7.8CVSS6.6AI score0.00526EPSS
Exploits1References10
Rows per page
Query Builder