Browse all 7 CVE security advisories affecting homarr-labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33510 | DOM-Based XSS in Homarr /auth/login Redirect — homarr (CWE-87) | 8.8 | High | 2026-04-06 |
| CVE-2026-32602 | Homarr has a Race Condition in Invite Token Registration (TOCTOU) — homarr (CWE-367) | 4.2 | Medium | 2026-04-06 |
| CVE-2026-27796 | Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak) — homarr (CWE-200) | 5.3 | Medium | 2026-03-07 |
| CVE-2026-27797 | Homarr: Unauthenticated SSRF in rssFeed.ts — homarr (CWE-918) | 5.3 | Medium | 2026-03-07 |
| CVE-2026-25123 | Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping — homarr (CWE-918) | 5.3 | Medium | 2026-02-06 |
| CVE-2025-67493 | Homarr missing input sanitization and possible privilege escalation through LDAP search query injection — homarr (CWE-20) | 7.5 | High | 2025-12-17 |
| CVE-2025-64759 | Homarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG Upload — homarr (CWE-20) | 8.1 | High | 2025-11-19 |
This page lists every published CVE security advisory associated with homarr-labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.