Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3
CVE-2026-25123
- EPSS 0.05%
- Veröffentlicht 06.02.2026 21:19:40
- Zuletzt bearbeitet 18.02.2026 18:08:19
Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP re...
- EPSS 0.15%
- Veröffentlicht 17.12.2025 21:16:15
- Zuletzt bearbeitet 30.01.2026 18:32:21
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerabilit...
7.5
CVE-2025-54313
- EPSS 6.73%
- Veröffentlicht 19.07.2025 00:00:00
- Zuletzt bearbeitet 23.01.2026 18:33:09
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
1