
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 6, Critical: 1, High: 2, Medium: 2
Showing 1-6 of 6 records
Threat Entry Updated 2026-01-21

CVE-2026-22799 - Emlog Plugin

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers (with a valid API key or admin session cookie) to upload arbitrary files (including malicious PHP scripts) to the server. An attacker can obtain the API key either by gaining administrator access to enable the REST API setting, or via information disclosure vulnerabilities in the application. Once uploaded, the malicious PHP file…

PLUGIN Emlog

CVE-2026-22799

CRITICAL CVSS 9.3 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-21433 - Emlog Plugin

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.

PLUGIN Emlog

CVE-2026-21433

HIGH CVSS 7.7 2026-01-02
Threat Entry Updated 2026-01-16

CVE-2026-21432 - Emlog Plugin

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.

PLUGIN Emlog

CVE-2026-21432

MEDIUM CVSS 6.8 2026-01-02
Threat Entry Updated 2026-01-16

CVE-2026-21430 - Emlog Plugin

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site scripting, leads to account takeover. As of time of publication, no known patched versions are available.

PLUGIN Emlog

CVE-2026-21430

HIGH CVSS 7.0 2026-01-02
Threat Entry Updated 2026-01-16

CVE-2026-21431 - Emlog Plugin

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library` function while publishing an article. As of time of publication, no known patched versions are available.

PLUGIN Emlog

CVE-2026-21431

LOW CVSS 2.0 2026-01-02
Threat Entry Updated 2026-01-16

CVE-2026-21429 - Emlog Plugin

Emlog is an open source website building system. In version 2.5.23, the admin can set controls that make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available.

PLUGIN Emlog

CVE-2026-21429

MEDIUM CVSS 5.1 2026-01-02