Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33045

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

9.3CVSS5.8AI score0.00519EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 8:35 p.m.4 views

EUVD-2026-16775

Home Assistant has stored XSS in history-graphs...

8.8CVSS5.9AI score0.00202EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 8:35 p.m.2 views

Cross-site Scripting (XSS)

Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the History-graph card in the history graph display component. An attacker can execute arbitrary JavaScript in a victim’s browser by supplying a...

8.8CVSS5.9AI score0.00202EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:39 p.m.2 views

CVE-2026-33045

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

9.3CVSS5.8AI score0.00519EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/27 7:39 p.m.8 views

CVE-2026-33045

Home Assistant CVE-2026-33045 is a stored XSS vulnerability in the Energy dashboard triggered by an energy entity name. Affected versions are 2025.02 through 2026.00.x (prior to 2026.01); it is fixed in 2026.01. The issue arises when entity names containing HTML are rendered in graph tooltips, en...

8.8CVSS5.8AI score0.00202EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder