34 matches found
CVE-2025-60898
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...
EUVD-2025-36688
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...
CVE-2025-60898
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...
CVE-2025-60898
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...
CVE-2025-60898
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...
PT-2025-44312
Name of the Vulnerable Software and Affected Versions: Halo CMS version 2.21. Description: An unauthenticated server-side request forgery (SSRF) exists in the Thumbnail via-uri endpoint. This allows a remote attacker to make the server send HTTP requests to URLs controlled by the attacker, potentially...
Halo CMS Security Vulnerability
Halo CMS is a blog and content management system from China-based Lingxia Halo. A security vulnerability exists in Halo CMS version 2.21, which originates from unauthenticated user input in the Thumbnail via-uri endpoint and could lead to a server-side request forgery attack...
CVE-2025-60898
The CVE-2025-60898 vulnerability affects Halo CMS 2.21, specifically the Thumbnail via-uri endpoint. An unauthenticated SSRF occurs when the server performs a GET to a user-supplied URI without proper allow/blocklist validation, returning a 307 redirect that may disclose internal URLs in the Loca...
EUVD-2020-14291
Malware in sbrugna...
EUVD-2022-36060
Malicious code in bioql PyPI...
EUVD-2022-36061
Malicious code in bioql PyPI...
CVE-2022-32994
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function...
CVE-2020-21523
A server-side Freemarker template injection vulnerability in Halo CMS v1.1.3, in the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: $test"touch /tmp/freemarkerPwned...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function...
CVE-2022-32994
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload...
CVE-2022-32994
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function...
CVE-2022-32994
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload...