Vulnerabilities in homarr-labs
7 resultsCVE-2026-27797MEDIUMHomarr: Unauthenticated SSRF in rssFeed.tsEPSS 0.4%CVE-2026-27796MEDIUMHomarr: Unauthenticated Information Disclosure (Integration Metadata Leak)EPSS 0.4%CVE-2025-64759HIGHHomarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG UploadEPSS 0.3%CVE-2026-25123MEDIUMHomarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.pingEPSS 0.3%CVE-2025-67493HIGHHomarr: missing input sanitization and possible privilege escalation through ldap search query injectionEPSS 0.3%CVE-2026-33510HIGHDOM-Based XSS in Homarr /auth/login RedirectEPSS 0.2%CVE-2026-32602MEDIUMHomarr has a Race Condition in Invite Token Registration (TOCTOU)EPSS 0.1%