📦 Majordomo

CVE-2026-27180 allows unauthenticated attackers to execute arbitrary code on MajorDoMo systems by poisoning the update URL. Attackers can deploy webshells or other malicious PHP files to the webroot w...

CVE-2026-27174 allows unauthenticated attackers to execute arbitrary PHP code on MajorDoMo home automation systems via the admin panel's PHP console. This critical vulnerability affects all MajorDoMo ...

MajorDoMo contains an unauthenticated stored XSS vulnerability that allows attackers to inject malicious JavaScript into property values. When administrators view the property editor, the malicious co...

MajorDoMo contains an unauthenticated SQL injection vulnerability in the commands module that allows attackers to execute arbitrary SQL queries without authentication. This enables extraction of admin...

MajorDoMo's command.php has a reflected XSS vulnerability where the $qry parameter is directly inserted into HTML without sanitization. Attackers can craft malicious URLs to execute arbitrary JavaScri...