Sysadminsmedia Homebox
5 CVEs affecting Sysadminsmedia Homebox. Latest disclosed: 2026-04-17. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40196 | High | 8.1 | 2026-04-17 | HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned t… |
CVE-2026-27981 | High | 7.4 | 2026-03-03 | HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter) tracks failed attempts per client IP. I… |
CVE-2026-27600 | Medium | 5.0 | 2026-03-03 | HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to w… |
CVE-2026-26272 | Medium | 4.6 | 2026-03-03 | HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment uplo… |
CVE-2025-53108 | | 2025-07-02 | HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updat… |