| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40602 | hass-cli: Handling of user-supplied Jinja2 templates | home-assistant-ecosystem | home-assistant-cli | Medium | 5.6 | 2026-04-21 17:40:10 | Deep Dive |
| CVE-2026-34205 | Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode | home-assistant | Home Assistant Operating System | Critical | 9.6 | 2026-03-27 19:41:11 | Deep Dive |
| CVE-2026-33045 | Home Assistant has stored XSS in history-graphs | home-assistant | core | High | - | 2026-03-27 19:39:04 | Deep Dive |
| CVE-2026-33044 | Home Assistant has stored XSS in Map-card through malicious device name | home-assistant | core | Medium | - | 2026-03-27 19:35:46 | Deep Dive |
| CVE-2025-62172 | Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name | home-assistant | core | - | - | 2025-10-14 15:14:10 | Deep Dive |
| CVE-2025-25305 | SSL validation for outgoing requests in Home Assistant Core and used libs not correct | home-assistant | core | High | 7.0 | 2025-02-18 18:53:11 | Deep Dive |
| CVE-2023-50715 | User accounts disclosed to unauthenticated actors on the LAN | home-assistant | core | Medium | 4.3 | 2023-12-15 02:05:58 | Deep Dive |
| CVE-2023-41893 | Account takeover via auth_callback login in Home Assistant Core | home-assistant | core | Medium | 4.3 | 2023-10-19 23:27:09 | Deep Dive |
| CVE-2023-41894 | Local-only webhooks externally accessible via SniTun in Home Assistant Core | home-assistant | core | Medium | 5.3 | 2023-10-19 23:23:18 | Deep Dive |
| CVE-2023-41895 | Cross-site Scripting via auth_callback login in Home Assistant Core | home-assistant | core | High | 8.8 | 2023-10-19 22:37:24 | Deep Dive |
| CVE-2023-41896 | Fake websocket server installation permits full takeover in Home Assistant Core | home-assistant | core | High | 7.1 | 2023-10-19 22:30:50 | Deep Dive |
| CVE-2023-41897 | Lack of XFO header allows clickjacking in Home Assistant Core | home-assistant | core | High | 8.8 | 2023-10-19 22:23:32 | Deep Dive |
| CVE-2023-41899 | Partial Server-Side Request Forgery in Home Assistant Core | home-assistant | core | Medium | 6.6 | 2023-10-19 22:18:31 | Deep Dive |
| CVE-2023-41898 | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android | home-assistant | core | High | 8.6 | 2023-10-19 22:08:41 | Deep Dive |
| CVE-2023-44385 | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps | home-assistant | core | High | 8.6 | 2023-10-19 22:02:53 | Deep Dive |
| CVE-2023-27482 | Home Assistant authorization issue vulnerability | home-assistant | core | Critical | 10.0 | 2023-03-08 00:00:00 | Deep Dive |