Browse all 5 CVE security advisories affecting pihome-shc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pihome-shc serves as a home automation system for Raspberry Pi devices, enabling control of smart home components. Historically, it has been affected by multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. The application's exposure of sensitive functions without proper authentication has allowed attackers to execute arbitrary commands or bypass security controls. With five CVEs documented, these issues primarily stem from insufficient input validation and insecure design patterns. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential for significant compromise if deployed without hardening or in untrusted network environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1742 | pihome-shc PiHome home.php cross site scripting — PiHomeCWE-79 | 4.3 | Medium | 2025-02-27 |
| CVE-2025-1214 | pihome-shc PiHome Role-Based Access Control user_accounts.php authorization — PiHomeCWE-862 | 6.3 | Medium | 2025-02-12 |
| CVE-2025-1213 | pihome-shc PiHome index.php cross site scripting — PiHomeCWE-79 | 3.5 | Low | 2025-02-12 |
| CVE-2025-1185 | pihome-shc PiHome ajax.php sql injection — PiHomeCWE-89 | 6.3 | Medium | 2025-02-12 |
| CVE-2025-1184 | pihome-shc PiHome ajax.php sql injection — PiHomeCWE-89 | 6.3 | Medium | 2025-02-12 |
This page lists every published CVE security advisory associated with pihome-shc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.