Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 2 | 3 | 0 | 63.0% | CRITICAL |

Related CVEs

3
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2025-50578 | LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading of external resources from attacker-controlled domains and unintended redirection of users, potentially enabling phishing, UI redress, and session theft. The vulnerability exists due to insufficient validation and trust of untrusted input, affecting the integrity and trustworthiness of the application. | CRITICAL | 9.8 | | 83.4% | Jul 30, 2025 |
| CVE-2025-54597 | LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter. | MEDIUM | 6.1 | | 42.6% | Jul 27, 2025 |
| CVE-2022-47968 | Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page. | MEDIUM | 5.4 | | | Dec 27, 2022 |