CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

Halo 代码问题漏洞

Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo contains a code vulnerability. This vulnerability stems from a server-side request forgery at the /plugins/name/upgrade-from-uri endpoint, which could allow authenticated attackers to...

EUVD-2026-26385

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

Halo 代码问题漏洞

Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo contains a code vulnerability. This vulnerability stems from the /themes/name/upgrade-from-uri endpoint, where server-side request forgeing exists. This could allow authenticated...

EUVD-2026-26384

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

PT-2026-36119

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36758

CVE-2026-36758 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14 affecting the /themes/-/install-from-uri endpoint. Authenticated attackers can trigger the vulnerability with a crafted GET request to scan internal resources. The issue is documented across multiple sources (NVD, CVE ...

CVE-2026-36759

The CVE-2026-36759 entry describes a Server-Side Request Forgery (SSRF) in halo v2.22.14 affecting the /themes/{name}/upgrade-from-uri endpoint. authenticated attackers can issue a crafted GET request to scan internal resources. The provided data includes CVSS v3.1 metrics (base score 6.5, MEDIUM...

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

EUVD-2020-15833

Malware in sbrugna...

EUVD-2020-14290

Malware in sbrugna...

EUVD-2020-14292

Malware in sbrugna...

EUVD-2023-37687

Malicious code in bioql PyPI...

EUVD-2023-30944

Malicious code in bioql PyPI...

EUVD-2024-54441

Malicious code in bioql PyPI...

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting XSS in /halohost/archives/name...

CVE-2025-44593

Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13...