VYPR
Vendor

Sysadminsmedia

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2026-40196HigApr 17, 2026
    risk 0.46cvss 8.1epss 0.00

    HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface…

  • CVE-2025-53108MedJul 2, 2025
    risk 0.27cvss epss 0.00

    HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on…

  • CVE-2026-27981Mar 3, 2026
    risk 0.00cvss epss 0.00

    HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter) tracks failed attempts per client IP. It determines the client IP by reading, 1. X-Real-IP header, 2. First entry of X-Forwarded-For header, and 3.…

  • CVE-2026-27600Mar 3, 2026
    risk 0.00cvss epss 0.00

    HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address,…

  • CVE-2026-26272Mar 3, 2026
    risk 0.00cvss epss 0.00

    HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated…