"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 14,261
Critical: 855
High: 2,811
Medium: 10,399
Showing 1921-1940 of 14261 records
Threat Entry Updated 2026-01-08

CVE-2026-22543 - QC 60/90/120 Plugin

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.

PLUGIN QC 60/90/120

CVE-2026-22543

MEDIUM CVSS 6.9 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22535 - QC 60/90/120 Plugin

An attacker with the ability to interact through the network and with access credentials could, thanks to the unsecured (unencrypted) MQTT communications protocol, write to the server topics of the board that controls the MQTT communications.

PLUGIN QC 60/90/120

CVE-2026-22535

HIGH CVSS 8.9 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22537 - QC 60/90/120 Plugin

The lack of system hardening allows the user account used to manage and maintain the charger to read various files containing clear-text credentials or other information valuable to an attacker.

PLUGIN QC 60/90/120

CVE-2026-22537

MEDIUM CVSS 6.8 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-20029 - Cisco Identity Services Engine Software Plugin

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive…

PLUGIN Cisco Identity Services Engine Software

CVE-2026-20029

MEDIUM CVSS 4.9 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-20026 - Cisco Secure Firewall Threat Defense (FTD) Software Plugin

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer use-after-free read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful…

PLUGIN Cisco Secure Firewall Threat Defense (FTD) Software

CVE-2026-20026

MEDIUM CVSS 5.8 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-20027 - Cisco Secure Firewall Threat Defense (FTD) Software Plugin

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer out-of-bounds read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A…

PLUGIN Cisco Secure Firewall Threat Defense (FTD) Software

CVE-2026-20027

MEDIUM CVSS 5.3 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22542 - QC 60/90/120 Plugin

An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.

PLUGIN QC 60/90/120

CVE-2026-22542

CRITICAL CVSS 9.2 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22541 - QC 60/90/120 Plugin

Sending ICMP requests en masse causes a denial of service on one of the EVCharger boards that allows control of the EV interfaces, and the board must be operating correctly for the charger to also function correctly.

PLUGIN QC 60/90/120

CVE-2026-22541

HIGH CVSS 8.2 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22540 - QC60/90/120 Plugin

Sending ARP requests en masse causes a denial of service on one board of the charger that allows control of the EV interfaces, and the board must be operating correctly for the charger to also function correctly.

PLUGIN QC60/90/120

CVE-2026-22540

CRITICAL CVSS 9.2 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-20893 - Fujitsu Security Solution AuthConductor Client Basic V2 Plugin

An origin validation error exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value.

PLUGIN Fujitsu Security Solution AuthConductor Client Basic V2

CVE-2026-20893

HIGH CVSS 8.5 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-0650 - Flagr Plugin

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data.

PLUGIN Flagr

CVE-2026-0650

CRITICAL CVSS 9.3 2026-01-07
Threat Entry Updated 2026-01-12

CVE-2026-0628 - Chrome Plugin

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

PLUGIN Chrome

CVE-2026-0628

HIGH CVSS 8.8 2026-01-07
Threat Entry Updated 2026-04-15

CVE-2026-0656 - Ipaymu Payment Gateway For Woocommerce Plugin

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is due to the plugin not validating webhook request authenticity through signature verification or origin checks. This makes it possible for unauthenticated attackers to mark WooCommerce orders as paid by sending crafted POST requests to the webhook endpoint without any payment occurring, as well as enumerate order IDs and obtain valid order keys via GET requests, exposing customer order PII including names, addresses,…

PLUGIN Ipaymu Payment Gateway For Woocommerce

CVE-2026-0656

HIGH CVSS 8.2 2026-01-07
Threat Entry Updated 2026-01-15

CVE-2026-0643 - House Rental and Property Listing Plugin

A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

PLUGIN House Rental and Property Listing

CVE-2026-0643

MEDIUM CVSS 6.9 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-0649 - Invoiceninja Plugin

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN Invoiceninja

CVE-2026-0649

MEDIUM CVSS 5.1 2026-01-07
Threat Entry Updated 2026-02-23

CVE-2026-0642 - House Rental and Property Listing Plugin

A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

PLUGIN House Rental and Property Listing

CVE-2026-0642

MEDIUM CVSS 4.8 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2025-15158 - Wp Enable Webp Plugin

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Wp Enable Webp

CVE-2025-15158

HIGH CVSS 8.8 2026-01-07