Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 14,261
Critical: 855
High: 2,811
Medium: 10,399
Showing 1581-1600 of 14261 records
Threat Entry Updated 2026-01-22

CVE-2026-0885 - Firefox ESR Plugin

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0885

MEDIUM CVSS 6.5 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0890 - Firefox ESR Plugin

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0890

MEDIUM CVSS 5.4 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0886 - Firefox ESR Plugin

Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0886

MEDIUM CVSS 5.3 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0887 - Firefox ESR Plugin

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0887

MEDIUM CVSS 4.3 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0884 - Firefox ESR Plugin

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0884

CRITICAL CVSS 9.8 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0879 - Firefox ESR Plugin

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0879

CRITICAL CVSS 9.8 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0882 - Firefox ESR Plugin

Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0882

HIGH CVSS 8.8 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0880 - Firefox ESR Plugin

Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0880

HIGH CVSS 8.8 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0877 - Firefox ESR Plugin

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0877

HIGH CVSS 8.1 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0878 - Firefox ESR Plugin

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0878

HIGH CVSS 8.0 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0883 - Firefox ESR Plugin

Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0883

MEDIUM CVSS 5.3 2026-01-13
Threat Entry Updated 2026-04-15

CVE-2026-0684 - Cp Image Store Plugin

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server.

PLUGIN Cp Image Store

CVE-2026-0684

MEDIUM CVSS 4.3 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2025-14507 - Eventprime Event Calendar Management Plugin

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names, email addresses, ticket details, payment information, and order keys when the API is enabled by an administrator. The vulnerability was partially patched in version 4.2.7.0.

PLUGIN Eventprime Event Calendar Management

CVE-2025-14507

MEDIUM CVSS 5.3 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-0859 - TYPO3 CMS Plugin

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

PLUGIN TYPO3 CMS

CVE-2026-0859

MEDIUM CVSS 5.2 2026-01-13
Threat Entry Updated 2026-01-13

CVE-2025-14001 - Wp Duplicate Page Plugin

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate arbitrary posts, pages, and WooCommerce HPOS orders even when their role is explicitly excluded from the plugin's "Allowed User Roles" setting, potentially exposing sensitive information and allowing duplicate fulfillment of WooCommerce orders.

PLUGIN Wp Duplicate Page

CVE-2025-14001

MEDIUM CVSS 5.4 2026-01-13
Threat Entry Updated 2026-01-13

CVE-2025-14829 - Through 2 Plugin

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.

PLUGIN Through 2

CVE-2025-14829

CRITICAL CVSS 9.1 2026-01-13
Threat Entry Updated 2026-01-16

CVE-2026-0514 - SAP Business Connector Plugin

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.

PLUGIN SAP Business Connector

CVE-2026-0514

MEDIUM CVSS 6.1 2026-01-13