Medium
CVSS: 5.3
Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be us…
Medium
CVSS: 5.3
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata i…
Medium
CVSS: 5.3
Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbou…
High
CVSS: 7.5
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vu…