Homey

Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion vulnerability <= 2.4.4

Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion vulnerability <= 2.4.4

CrossSite Request Forgery to User Verification vulnerability <= 2.4.3

Limited Authentication Bypass due to Missing Empty Value Check vulnerability <= 2.4.3

Unauthenticated Privilege Escalation in homey_save_profile vulnerability <= 2.4.2