CVE-2026-40196
- EPSS 0.03%
- Published 17.04.2026 21:01:18
- Last modified 17.04.2026 21:16:33
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked....
CVE-2026-27981
- EPSS 0.05%
- Published 03.03.2026 22:27:37
- Last modified 05.03.2026 17:56:43
HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter) tracks failed attempts per client IP. It determines the client IP by reading, 1. X-Real-IP header, 2. First entry of X-Forwarded-F...
CVE-2026-27600
- EPSS 0.03%
- Published 03.03.2026 22:23:04
- Last modified 05.03.2026 21:15:49
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to t...
CVE-2026-26272
- EPSS 0.04%
- Published 03.03.2026 22:20:32
- Last modified 05.03.2026 21:20:08
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file type...