Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total14,261
Critical855
High2,811
Medium10,399
Reset
Showing 1321-1340 of 14261 records
Threat Entry Updated 2026-01-16

CVE-2025-13062 - Supreme Modules Lite Plugin

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Supreme Modules Lite

CVE-2025-13062

HIGH CVSS 8.8 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22918 - TDC-X401GL Plugin

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22918

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22916 - TDC-X401GL Plugin

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

PLUGIN TDC-X401GL

CVE-2026-22916

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22914 - TDC-X401GL Plugin

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

PLUGIN TDC-X401GL

CVE-2026-22914

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22913 - TDC-X401GL Plugin

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22913

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22919 - TDC-X401GL Plugin

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22919

LOW CVSS 3.8 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22908 - TDC-X401GL Plugin

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

PLUGIN TDC-X401GL

CVE-2026-22908

CRITICAL CVSS 9.1 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22910 - TDC-X401GL Plugin

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

PLUGIN TDC-X401GL

CVE-2026-22910

HIGH CVSS 7.5 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22909 - TDC-X401GL Plugin

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

PLUGIN TDC-X401GL

CVE-2026-22909

HIGH CVSS 7.5 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22911 - TDC-X401GL Plugin

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.

PLUGIN TDC-X401GL

CVE-2026-22911

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22912 - TDC-X401GL Plugin

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.

PLUGIN TDC-X401GL

CVE-2026-22912

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2026-0976 - Red Hat Build of Keycloak Plugin

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable.

PLUGIN Red Hat Build of Keycloak

CVE-2026-0976

LOW CVSS 3.7 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2025-14457 - Drag And Drop Multiple File Upload For Contact Form 7 Plugin

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled.

PLUGIN Drag And Drop Multiple File Upload For Contact Form 7

CVE-2025-14457

LOW CVSS 3.7 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-02-24

CVE-2025-14448 - Wp Members Membership Plugin

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Members Membership

CVE-2025-14448

MEDIUM CVSS 5.4 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2026-0421 - ThinkPad L13 Gen 6 2 in 1 BIOS Plugin

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

PLUGIN ThinkPad L13 Gen 6 2 in 1 BIOS

CVE-2026-0421

HIGH CVSS 7.0 2026-01-14
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2026-0600 - Nexus Repository Plugin

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

PLUGIN Nexus Repository

CVE-2026-0600

MEDIUM CVSS 6.2 2026-01-14
Open Full Technical Breakdown
Scroll to top