All 5 CVE vulnerabilities found in homebox, with AI-generated Chinese analysis, references, and POCs.
Vendor: sysadminsmedia
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40196 | HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation CWE-708 | 8.1 | High | 2026-04-17 |
| CVE-2026-27981 | HomeBox has an Auth Rate Limit Bypass via IP Spoofing CWE-307 | 7.4 | High | 2026-03-03 |
| CVE-2026-27600 | HomeBox affected by Blind SSRF CWE-918 | 5.0 | Medium | 2026-03-03 |
| CVE-2026-26272 | HomeBox affected by Stored XSS via HTML/SVG Attachment Upload CWE-79 | 4.6 | Medium | 2026-03-03 |
| CVE-2025-53108 | HomeBox Missing User Authorization CWE-862 | 7.1AI | HighAI | 2025-07-02 |
All 5 known CVE vulnerabilities affecting homebox with full Chinese analysis, references, and POCs where available.