Lucene search
K

466 matches found

Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS0.00364EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15326

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42782

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6
CVE
CVE
added 4 days ago8 views

CVE-2026-15326

The CVE-2026-15326 entry concerns halo-dev halo up to version 2.24.2. It affects ThemeUtils.unzipThemeTo in ThemeUtils.java (Theme Installation). The vulnerability arises from manipulation of the argument metadata.name, enabling path traversal. This can be triggered remotely, and a public exploit...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 5:16 p.m.28 views

CVE-2026-55439

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:57 p.m.5 views

EUVD-2026-39465

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:57 p.m.30 views

CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS0.00337EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 3:57 p.m.6 views

CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:57 p.m.7 views

CVE-2026-55439

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 3:57 p.m.12 views

CVE-2026-55439

Halo: Path traversal vulnerability (CVE-2026-55439) in the backup download endpoint allows authenticated administrators to read arbitrary files from the server when upgrading before 2.24.3. The issue arises because the backup filename in GET /apis/console.api.migration.halo.run/v1alpha1/backups/{...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS5.5AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.4CVSS5.5AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References1
HackRead
HackRead
added 2026/06/02 12:0 p.m.36 views

Halo Security Honored with 2026 MSP Today Product of the Year Award

Miami Beach, FL, USA, 2nd June 2026, CyberNewswire...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/30 5:16 p.m.4 views

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 4:16 p.m.5 views

CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.4CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 4:16 p.m.6 views

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

6.5CVSS0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 4:16 p.m.3 views

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 12:0 a.m.7 views

EUVD-2026-26385

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

6.5CVSS5.2AI score0.00209EPSS
Exploits0References2
Rows per page
Query Builder