Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

RedhatCVE
RedhatCVEadded 2025/12/29 3:3 p.m.2 views

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

3.1CVSS3.9AI score0.00021EPSS
Exploits0References1
CVE
CVEadded 2025/09/09 12:0 a.m.12 views

CVE-2025-44593

Halo before version 2.20.13 is affected by a vulnerability where file type detection can be bypassed, allowing upload of malicious files such as .exe and .html. The upload of .html files can trigger stored XSS. This issue is fixed in 2.20.13. Affected product/versions are Halo prior to 2.20.13; r...

6.1CVSS5.9AI score0.00038EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2025/08/05 12:0 a.m.3 views

PT-2025-31954 · Halo · Halo

Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.18LTS Description: The reconcile method within the AttachmentReconciler class is susceptible to Cross-Site Scripting XSS attacks. Recommendations: Update to a version of Halo later than 2.20.18LTS...

6.1CVSS5.6AI score0.00166EPSS
Exploits0References7
RedhatCVE
RedhatCVEadded 2025/05/22 5:51 p.m.2 views

CVE-2020-21522

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system...

9.8CVSS6.9AI score0.00587EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2025/05/22 5:0 p.m.5 views

CVE-2020-21345

Cross Site Scripting XSS vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code...

6.1CVSS6.4AI score0.00223EPSS
Exploits1
OSV
OSVadded 2023/03/10 4:15 p.m.10 views

CVE-2023-27164

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file...

4.8CVSS8AI score
Exploits0References4
Positive Technologies
Positive Technologiesadded 2023/03/10 12:0 a.m.1 views

PT-2023-20983 · Halo · Halo

Name of the Vulnerable Software and Affected Versions: Halo versions up to 1.6.1 Description: The issue allows attackers to execute arbitrary code via a crafted .md file due to an arbitrary file upload vulnerability. Recommendations: For versions up to 1.6.1, update to a version later than 1.6.1 ...

4.8CVSS5.7AI score0.00626EPSS
Exploits1References10
Vulnrichment
Vulnrichmentadded 2023/03/10 12:0 a.m.8 views

CVE-2023-27164

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file...

5.7AI score0.00626EPSS
Exploits1References4
OSV
OSVadded 2022/01/13 5:15 p.m.14 views

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...

4.8CVSS5.6AI score0.00419EPSS
Exploits1References3
OSV
OSVadded 2021/07/12 5:15 p.m.10 views

CVE-2020-23079

SSRF vulnerability in Halo =1.3.2 exists in the SMTP configuration, which can detect the server intranet...

7.5CVSS6.8AI score
Exploits0References1
Rows per page
Query Builder