Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,039
Critical: 0
High: 3,039
Medium: 0
Showing 501-520 of 3039 records
Threat Entry Updated 2026-01-22

CVE-2026-0891 - Firefox ESR Plugin

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0891

HIGH CVSS 8.1 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0882 - Firefox ESR Plugin

Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0882

HIGH CVSS 8.8 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0880 - Firefox ESR Plugin

Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0880

HIGH CVSS 8.8 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0877 - Firefox ESR Plugin

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0877

HIGH CVSS 8.1 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0878 - Firefox ESR Plugin

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

PLUGIN Firefox ESR

CVE-2026-0878

HIGH CVSS 8.0 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2025-9427 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS). This issue affects WordPress add on: 2025.7.1.

CORE WordPress Core

CVE-2025-9427

HIGH CVSS 8.4 2026-01-13
Threat Entry Updated 2026-01-13

CVE-2026-0507 - SAP Application Server for ABAP and SAP NetWeaver RFCSDK Plugin

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system's confidentiality, integrity, and availability.

PLUGIN SAP Application Server for ABAP and SAP NetWeaver RFCSDK

CVE-2026-0507

HIGH CVSS 8.4 2026-01-13
Threat Entry Updated 2026-01-13

CVE-2026-0511 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application; availability is not impacted.

PLUGIN SAP Fiori App (Intercompany Balance Reconciliation)

CVE-2026-0511

HIGH CVSS 8.1 2026-01-13
Threat Entry Updated 2026-01-22

CVE-2026-0506 - SAP NetWeaver Application Server ABAP and ABAP Platform Plugin

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.

PLUGIN SAP NetWeaver Application Server ABAP and ABAP Platform

CVE-2026-0506

HIGH CVSS 8.1 2026-01-13
Threat Entry Updated 2026-01-27

CVE-2026-0492 - SAP HANA database Plugin

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system's confidentiality, integrity, and availability.

PLUGIN SAP HANA database

CVE-2026-0492

HIGH CVSS 8.8 2026-01-13
Threat Entry Updated 2026-01-21

CVE-2026-22812 - Opencode Plugin

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

PLUGIN Opencode

CVE-2026-22812

HIGH CVSS 8.8 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-22804 - Termix Plugin

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0.

PLUGIN Termix

CVE-2026-22804

HIGH CVSS 8.0 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22788 - WebErpMesv2 Plugin

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19.

PLUGIN WebErpMesv2

CVE-2026-22788

HIGH CVSS 8.2 2026-01-12
Threat Entry Updated 2026-02-05

CVE-2026-22771 - Gateway Plugin

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to all secrets that are used by Envoy proxy, e.g. TLS private keys and credentials used for downstream and upstream communication. This vulnerability is fixed in 1.5.7 and 1.6.2.

PLUGIN Gateway

CVE-2026-22771

HIGH CVSS 8.8 2026-01-12
Threat Entry Updated 2026-01-15

CVE-2026-22776 - Cpp Httplib Plugin

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.

PLUGIN Cpp Httplib

CVE-2026-22776

HIGH CVSS 8.7 2026-01-12
Threat Entry Updated 2026-01-27

CVE-2026-22200 - osTicket Plugin

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the…

PLUGIN osTicket

CVE-2026-22200

HIGH CVSS 8.7 2026-01-12