Heimdall Application Dashboard Security Vulnerabilities and Issues — Heimdall Application Dashboard CVE List

Lucene search

LinuxserverHeimdall Application Dashboard

5 matches found

CVE•added 2024/04/01 12:15 a.m.•49 views

CVE-2023-51803

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring.

9.8CVSS6.8AI score0.00084EPSS

CVE•added 2024/11/05 11:15 p.m.•48 views

CVE-2024-51358

An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application.

9.8CVSS7.8AI score0.09717EPSS

CVE•added 2022/12/27 6:15 p.m.•45 views

CVE-2022-47968

Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page.

5.4CVSS5.1AI score0.00085EPSS

CVE•added 2025/07/27 3:15 a.m.•9 views

CVE-2025-54597

LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

7.2CVSS6AI score0.00031EPSS

CVE•added 2025/07/30 4:15 p.m.•7 views

CVE-2025-50578

LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading o...

9.8CVSS7.6AI score0.00219EPSS