"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5 | Critical: 0 | High: 4 | Medium: 1

Showing 1-5 of 5 records

Threat Entry Updated 2026-01-14

CVE-2026-22196 - GestSup Plugin

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges.

PLUGIN GestSup | CVE-2026-22196 | HIGH CVSS 7.7 | 2026-01-09

Threat Entry Updated 2026-01-14

CVE-2026-22197 - GestSup Plugin

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges.

PLUGIN GestSup | CVE-2026-22197 | HIGH CVSS 7.5 | 2026-01-09

Threat Entry Updated 2026-01-14

CVE-2026-22198 - GestSup Plugin

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause attacker-controlled HTML/JavaScript to be written to log entries. When an administrator later views the affected logs in the web interface, the injected content is rendered without proper output encoding, resulting in arbitrary script execution in the administrator’s browser session.

PLUGIN GestSup | CVE-2026-22198 | MEDIUM CVSS 5.1 | 2026-01-09

Threat Entry Updated 2026-01-14

CVE-2026-22194 - GestSup Plugin

GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint.

PLUGIN GestSup | CVE-2026-22194 | HIGH CVSS 8.9 | 2026-01-09

Threat Entry Updated 2026-01-14

CVE-2026-22195 - GestSup Plugin

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges.

PLUGIN GestSup | CVE-2026-22195 | HIGH CVSS 7.7 | 2026-01-09