| CVE-2026-33045 |
unknown |
— |
— |
|
|
|
2mo ago |
Home Assistant has stored XSS in history-graphs |
| CVE-2026-33044 |
unknown |
— |
— |
|
|
|
2mo ago |
Home Assistant has stored XSS in Map-card through malicious device name |
| CVE-2025-65713 |
unknown |
— |
— |
|
|
|
6mo ago |
Home Assistant Core before is vulnerable to Directory Traversal |
| CVE-2025-62172 |
unknown |
— |
— |
|
|
|
8mo ago |
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name |
| CVE-2025-25305 |
unknown |
— |
— |
|
|
|
1y ago |
Home Assistant does not correctly validate SSL for outgoing requests in core and used libs |
| CVE-2023-50715 |
unknown |
— |
— |
|
|
|
3y ago |
User accounts disclosed to unauthenticated actors on the LAN |
| CVE-2023-41893 |
unknown |
— |
— |
|
|
|
3y ago |
Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized … |
| CVE-2018-21019 |
unknown |
— |
— |
|
|
|
4y ago |
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. |
