Lucene search
K

65 matches found

EUVD
EUVD
added 2026/06/25 3:57 p.m.4 views

EUVD-2026-39465

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:57 p.m.27 views

CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS0.00337EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.7 views

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS5.5AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 4:16 p.m.3 views

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.2AI score0.00168EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.32 views

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.5 views

CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.2AI score0.00143EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.4 views

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.2AI score0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.5 views

CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.2AI score0.00143EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.2AI score0.00172EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.7 views

PT-2026-36117

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.4CVSS5.2AI score0.00143EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.32 views

CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.27 views

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26391

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS5.2AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.9 views

CVE-2026-36757

CVE-2026-36757 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14. The vulnerability is triggered via the /plugins/{name}/upgrade-from-uri endpoint and can allow authenticated attackers to scan internal resources through a crafted GET request. Public sources in NVD/NVD-derived feeds ...

4.3CVSS5.2AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 12:0 a.m.8 views

EUVD-2026-26383

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.4CVSS5.2AI score0.00143EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 4:16 p.m.4 views

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

7.5CVSS5.6AI score0.00441EPSS
Exploits2References3
CVE
CVE
added 2026/02/12 12:0 a.m.7 views

CVE-2025-70886

CVE-2025-70886 affects Halo CMS, version 2.22.4 and earlier. A crafted payload submitted to the public comment endpoint can cause a denial of service, impacting service availability. The issue is documented across multiple feeds (Red Hat, NVD, OSV, CIRCL, Snyk, etc.) and is associated with a DoS ...

7.5CVSS5.7AI score0.00441EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/02/12 12:0 a.m.23 views

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

0.00441EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:0 a.m.4 views

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

7.5CVSS5.7AI score0.00441EPSS
Exploits2References4
Rows per page
Query Builder