Vulnerabilities in home-assistant

17 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2023-27482 | CRITICAL | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Superv | 72.0% |
| CVE-2023-41897 | HIGH | Lack of XFO header allows clickjacking in Home Assistant Core | 0.9% |
| CVE-2023-50715 | MEDIUM | User accounts disclosed to unauthenticated actors on the LAN | 0.9% |
| CVE-2023-41895 | HIGH | Cross-site Scripting via auth_callback login in Home Assistant Core | 0.7% |
| CVE-2025-62172 | HIGH | Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name | 0.5% |
| CVE-2021-47942 | HIGH | Home Assistant Community Store 1.10.0 Path Traversal Account Takeover | 0.5% |
| CVE-2023-41899 | MEDIUM | Partial Server-Side Request Forgery in Home Assistant Core | 0.5% |
| CVE-2023-41894 | MEDIUM | Local-only webhooks externally accessible via SniTun in Home Assistant Core | 0.4% |
| CVE-2023-41893 | MEDIUM | Account takeover via auth_callback login in Home Assistant Core | 0.4% |
| CVE-2023-44385 | HIGH | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps | 0.3% |
| CVE-2023-41896 | HIGH | Fake websocket server installation permits full takeover in Home Assistant Core | 0.3% |
| CVE-2026-34205 | CRITICAL | Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode | 0.3% |
| CVE-2026-33044 | HIGH | Home Assistant has stored XSS in Map-card through malicious device name | 0.2% |
| CVE-2025-25305 | HIGH | SSL validation for outgoing requests in Home Assistant Core and used libs not correct | 0.2% |
| CVE-2026-33045 | HIGH | Home Assistant has stored XSS in history-graphs | 0.2% |
| CVE-2023-41898 | HIGH | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android | 0.2% |
| CVE-2026-44698 | HIGH | Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection | 0.1% |