Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical5
High0
Medium0
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2026-02-02

CVE-2026-22240 - BLUVOYIX Plugin

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all user users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password.

PLUGIN BLUVOYIX

CVE-2026-22240

CRITICAL CVSS 10.0 2026-01-14
Open Full Technical Breakdown
Threat Entry Updated 2026-02-02

CVE-2026-22239 - BLUVOYIX Plugin

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attacker to send unsolicited emails to anyone on behalf of the company.

PLUGIN BLUVOYIX

CVE-2026-22239

CRITICAL CVSS 10.0 2026-01-14
Open Full Technical Breakdown
Threat Entry Updated 2026-02-02

CVE-2026-22238 - BLUVOYIX Plugin

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in to the newly-created admin user.

PLUGIN BLUVOYIX

CVE-2026-22238

CRITICAL CVSS 10.0 2026-01-14
Open Full Technical Breakdown
Threat Entry Updated 2026-02-02

CVE-2026-22237 - BLUVOYIX Plugin

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.

PLUGIN BLUVOYIX

CVE-2026-22237

CRITICAL CVSS 10.0 2026-01-14
Open Full Technical Breakdown
Threat Entry Updated 2026-02-02

CVE-2026-22236 - BLUVOYIX Plugin

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform.

PLUGIN BLUVOYIX

CVE-2026-22236

CRITICAL CVSS 10.0 2026-01-14
Open Full Technical Breakdown
Scroll to top