2 matches found
CVE-2026-15326
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...
CVE-2026-36756
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...