home-assistant Core Vulnerabilities
Home-assistant Core vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Man-in-the-Middle Vulnerability in Home Assistant Core Software
CVE-2025-25305Home-assistantCore7HIGHUser accounts disclosed to unauthenticated actors on the LAN
CVE-2023-50715home-assistantcore4.3MEDIUMAccount takeover via auth_callback login in Home Assistant Core
CVE-2023-41893Home-assistantCore4.3MEDIUMLocal-only webhooks externally accessible via SniTun in Home Assistant Core
CVE-2023-41894Home-assistantCore5.3MEDIUMCross-site Scripting via auth_callback login in Home Assistant Core
CVE-2023-41895Home-assistantCore8.8HIGHFake websocket server installation permits full takeover in Home Assistant Core
CVE-2023-41896Home-assistantCore7.1HIGHLack of XFO header allows clickjacking in Home Assistant Core
CVE-2023-41897Home-assistantCore8.8HIGHArbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
CVE-2023-41898Home-assistantCore8.6HIGHPartial Server-Side Request Forgery in Home Assistant Core
CVE-2023-41899Home-assistantCore6.6MEDIUMClient-Side Request Forgery in Home Assistant iOS/macOS native Apps
CVE-2023-44385Home-assistantCore8.6HIGHAuthentication Bypass in Home Assistant Supervisor by Vendor Home Assistant
CVE-2023-27482Home-assistantCoreEPSS 89%10CRITICAL
18 February 2025
15 December 2023
20 October 2023
19 October 2023
8 March 2023
No more vulnerabilities to load.