git: de94a3e620b5 - main - security/vuxml: Add homebox < 0.24.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 17 Mar 2026 21:25:34 UTC
The branch main has been updated by dtxdf:
URL: https://cgit.FreeBSD.org/ports/commit/?id=de94a3e620b5bdfc8d32d64247b81cccb7f31ced
commit de94a3e620b5bdfc8d32d64247b81cccb7f31ced
Author: Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>
AuthorDate: 2026-03-17 21:11:24 +0000
Commit: Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>
CommitDate: 2026-03-17 21:25:15 +0000
security/vuxml: Add homebox < 0.24.0
---
security/vuxml/vuln/2026.xml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index de1e5d7322cc..e3f205ccadf3 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,32 @@
+ <vuln vid="db3bdcc6-377f-47d9-9ce8-4bdede4fdafe">
+ <topic>homebox -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>homebox</name>
+ <range><lt>0.24.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Homebox reports:</p>
+ <ul>
+ <li>[HIGH] CVE-2026-27981: Auth Rate Limit Bypass via IP Spoofing</li>
+ <li>[MODERATE] CVE-2026-27600: Blind SSRF</li>
+ <li>[MODERATE] CVE-2026-26272: Stored XSS via HTML/SVG Attachment Upload</li>
+ </ul>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2026-27981</cvename>
+ <cvename>CVE-2026-27600</cvename>
+ <cvename>CVE-2026-26272</cvename>
+ </references>
+ <dates>
+ <discovery>2026-03-01</discovery>
+ <entry>2026-03-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="73eeb578-fd13-4d79-b50b-ed25c3614528">
<topic>chromium -- security fix</topic>
<affects>