
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,039
Critical: 0
High: 3,039
Medium: 0
Showing 601-620 of 3039 records

Threat Entry Updated 2026-01-12

CVE-2026-21685 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-21685

HIGH CVSS 7.1 2026-01-07

Threat Entry Updated 2026-01-12

CVE-2026-21684 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-21684

HIGH CVSS 7.1 2026-01-07

Threat Entry Updated 2026-01-14

CVE-2026-21682 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-21682

HIGH CVSS 8.8 2026-01-07

Threat Entry Updated 2026-01-14

CVE-2026-21681 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have an Undefined Behavior runtime error. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-21681

HIGH CVSS 7.1 2026-01-07

Threat Entry Updated 2026-02-03

CVE-2026-21856 - Tarkov Data Manager Plugin

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch.

PLUGIN Tarkov Data Manager

CVE-2026-21856

HIGH CVSS 7.2 2026-01-07

Threat Entry Updated 2026-01-09

CVE-2026-21679 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap-buffer-overflow in `CIccLocalizedUnicode::GetText()`. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21679

HIGH CVSS 8.8 2026-01-07

Threat Entry Updated 2026-01-13

CVE-2026-21678 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap-buffer-overflow in `IccTagXml()`. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21678

HIGH CVSS 7.8 2026-01-07

Threat Entry Updated 2026-02-23

CVE-2026-0669 - MediaWiki - CSS extension Plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.

PLUGIN MediaWiki - CSS extension

CVE-2026-0669

HIGH CVSS 7.5 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2026-22535 - QC 60/90/120 Plugin

An attacker who can interact through the network and holds access credentials could, because the MQTT communications protocol is unsecured (unencrypted), write to the server topics of the board that controls the MQTT communications.

PLUGIN QC 60/90/120

CVE-2026-22535

HIGH CVSS 8.9 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2026-22541 - QC 60/90/120 Plugin

The massive sending of ICMP requests causes a denial of service on one of the boards of the EVCharger, the board that allows control of the EV interfaces; this board must be operating correctly for the charger to also function correctly.

PLUGIN QC 60/90/120

CVE-2026-22541

HIGH CVSS 8.2 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2026-20893 - Fujitsu Security Solution AuthConductor Client Basic V2 Plugin

An origin validation error exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value.

PLUGIN Fujitsu Security Solution AuthConductor Client Basic V2

CVE-2026-20893

HIGH CVSS 8.5 2026-01-07

Threat Entry Updated 2026-01-12

CVE-2026-0628 - Chrome Plugin

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

PLUGIN Chrome

CVE-2026-0628

HIGH CVSS 8.8 2026-01-07

Threat Entry Updated 2026-04-15

CVE-2026-0656 - Ipaymu Payment Gateway For Woocommerce Plugin

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is due to the plugin not validating webhook request authenticity through signature verification or origin checks. This makes it possible for unauthenticated attackers to mark WooCommerce orders as paid by sending crafted POST requests to the webhook endpoint without any payment occurring, as well as enumerate order IDs and obtain valid order keys via GET requests, exposing customer order PII including names, addresses,…

PLUGIN Ipaymu Payment Gateway For Woocommerce

CVE-2026-0656

HIGH CVSS 8.2 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2025-15158 - Wp Enable Webp Plugin

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Wp Enable Webp

CVE-2025-15158

HIGH CVSS 8.8 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2025-14804 - Frontend File Manager Plugin

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated user, such as a subscriber, to delete arbitrary files on the server.

PLUGIN Frontend File Manager

CVE-2025-14804

HIGH CVSS 7.7 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2025-14835 - Wp Photo Album Plus Plugin

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Wp Photo Album Plus

CVE-2025-14835

HIGH CVSS 7.1 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2025-14070 - Review For Discount Plugin

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to create arbitrary WooCommerce discount coupons, potentially causing financial loss to the store.

PLUGIN Review For Discount

CVE-2025-14070

HIGH CVSS 7.5 2026-01-07

Threat Entry Updated 2026-01-08

CVE-2025-13801 - Yoco Payment Gateway Plugin

The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

PLUGIN Yoco Payment Gateway

CVE-2025-13801

HIGH CVSS 7.5 2026-01-07