Filtered by vendor Pihome
                         Subscriptions
                    
                    
                
                        Filtered by product Maxair
                         Subscriptions
                    
                    
                
                    Total
                    5 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2025-1742 | 1 Pihome | 1 Maxair | 2025-10-21 | 4.3 Medium | 
| A vulnerability, which was classified as problematic, has been found in pihome-shc PiHome 2.0. Affected by this issue is some unknown functionality of the file /home.php. The manipulation of the argument page_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1184 | 1 Pihome | 1 Maxair | 2025-10-17 | 6.3 Medium | 
| A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModal_MQTTEdit. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1185 | 1 Pihome | 1 Maxair | 2025-10-17 | 6.3 Medium | 
| A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModal_Sensor_Graph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1213 | 1 Pihome | 1 Maxair | 2025-10-17 | 3.5 Low | 
| A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1214 | 1 Pihome | 1 Maxair | 2025-10-17 | 6.3 Medium | 
| A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
                            
                                
                                
                                    Page 1 of 1.