All 7 CVE vulnerabilities found in homarr, with AI-generated Chinese analysis, references, and POCs.
Vendor: homarr-labs

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33510 | DOM-Based XSS in Homarr /auth/login Redirect | CWE-87 | 8.8 | High | 2026-04-06 |
| CVE-2026-32602 | Homarr has a Race Condition in Invite Token Registration (TOCTOU) | CWE-367 | 4.2 | Medium | 2026-04-06 |
| CVE-2026-27796 | Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak) | CWE-200 | 5.3 | Medium | 2026-03-07 |
| CVE-2026-27797 | Homarr: Unauthenticated SSRF in rssFeed.ts | CWE-918 | 5.3 | Medium | 2026-03-07 |
| CVE-2026-25123 | Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping | CWE-918 | 5.3 | Medium | 2026-02-06 |
| CVE-2025-67493 | Homarr missing input sanitization and possible privilege escalation through ldap search query injection | CWE-20 | 7.5 | High | 2025-12-17 |
| CVE-2025-64759 | Homarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG Upload | CWE-20 | 8.1 | High | 2025-11-19 |