Halo Security Honored with 2026 MSP Today Product of the Year Award

Miami Beach, FL, USA, 2nd June 2026, CyberNewswire...

@drop-in-gaming/core (=0.1.7), demo-message (=1.0.0) +16 more potentially affected by unknown CVE via canvas-nest.js (>=2.0.3 <=2.0.4)

canvas-nest.js NPM version =2.0.3, =1.0.3, =1.0.0, =1.0.0, =1.0.18, =0.6.32, =0.4.17, =0.0.1, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4131...

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

EUVD-2026-26385

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

EUVD-2026-26383

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

PT-2026-36117

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

Halo 代码问题漏洞

Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo has a code vulnerability. This vulnerability stems from server-side request forgery at the /plugins/-/install-from-uri endpoint, which may allow authenticated attackers to scan internal...

Halo 代码问题漏洞

Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo contains a code vulnerability. This vulnerability stems from the /themes/name/upgrade-from-uri endpoint, where server-side request forgeing exists. This could allow authenticated...

PT-2026-36118

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

EUVD-2026-26391

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

Halo 代码问题漏洞

Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo has a code vulnerability. This vulnerability stems from the /themes/-/install-from-uri endpoints, where server-side request forgery exists. This could allow authenticated attackers to...

PT-2026-36119

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36757

CVE-2026-36757 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14. The vulnerability is triggered via the /plugins/{name}/upgrade-from-uri endpoint and can allow authenticated attackers to scan internal resources through a crafted GET request. Public sources in NVD/NVD-derived feeds ...

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...