Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,857
Critical: 0
High: 0
Medium: 10,857
Showing 1641-1660 of 10857 records

Threat Entry Updated 2026-01-22

CVE-2026-0580 - API Key Manager App Plugin

A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross-site scripting. The attack can be initiated remotely.

PLUGIN API Key Manager App

CVE-2026-0580

MEDIUM CVSS 5.1 2026-01-05

Threat Entry Updated 2026-01-09

CVE-2026-0579 - Online Product Reservation System Plugin

A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prod_id/name/price/model/serial results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used.

PLUGIN Online Product Reservation System

CVE-2026-0579

MEDIUM CVSS 6.9 2026-01-04

Threat Entry Updated 2026-01-09

CVE-2026-0578 - Online Product Reservation System Plugin

A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PLUGIN Online Product Reservation System

CVE-2026-0578

MEDIUM CVSS 6.9 2026-01-04

Threat Entry Updated 2026-02-23

CVE-2026-0577 - Online Product Reservation System Plugin

A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing a manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used.

PLUGIN Online Product Reservation System

CVE-2026-0577

MEDIUM CVSS 5.3 2026-01-04

Threat Entry Updated 2026-02-23

CVE-2026-0576 - Online Product Reservation System Plugin

A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in SQL injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

PLUGIN Online Product Reservation System

CVE-2026-0576

MEDIUM CVSS 6.9 2026-01-04

Threat Entry Updated 2026-01-09

CVE-2026-0575 - Online Product Reservation System Plugin

A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the component Administrator Login. Manipulation of the argument emailadd/pass leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.

PLUGIN Online Product Reservation System

CVE-2026-0575

MEDIUM CVSS 6.9 2026-01-04

Threat Entry Updated 2026-02-17

CVE-2026-0574 - Warehouse Plugin

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes improper authorization. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.

PLUGIN Warehouse

CVE-2026-0574

MEDIUM CVSS 5.3 2026-01-04

Threat Entry Updated 2026-02-23

CVE-2026-21484 - Anything Llm Plugin

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, thus enabling username enumeration. Commit e287fab56089cf8fcea9ba579a3ecdeca0daa313 fixes this issue.

PLUGIN Anything Llm

CVE-2026-21484

MEDIUM CVSS 5.3 2026-01-03

Threat Entry Updated 2026-02-25

CVE-2026-21483 - Listmonk Plugin

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, a lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or previews this content, the XSS executes in their browser context, allowing the attacker to perform privileged actions such as creating backdoor admin accounts. The attack can be weaponized via the public archive feature, where victims simply need to visit a link - no preview click required. Version 6.0.0 fixes the issue.

PLUGIN Listmonk

CVE-2026-21483

MEDIUM CVSS 5.4 2026-01-02

Threat Entry Updated 2026-01-08

CVE-2026-21451 - Bagisto Plugin

Bagisto is an open source Laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize `` tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be stored in the CMS content and executed whenever the page is viewed or edited. This exposes administrators to a high-severity risk, including complete account takeover, backend hijacking, and malicious script execution. Version 2.3.10 fixes…

PLUGIN Bagisto

CVE-2026-21451

MEDIUM CVSS 5.2 2026-01-02

Threat Entry Updated 2026-02-05

CVE-2026-0571 - Warehouse Plugin

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the argument path results in path traversal. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

PLUGIN Warehouse

CVE-2026-0571

MEDIUM CVSS 5.3 2026-01-02

Threat Entry Updated 2026-01-16

CVE-2026-21432 - Emlog Plugin

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.

PLUGIN Emlog

CVE-2026-21432

MEDIUM CVSS 6.8 2026-01-02

Threat Entry Updated 2026-02-25

CVE-2026-21444 - Libtpms Plugin

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.

PLUGIN Libtpms

CVE-2026-21444

MEDIUM CVSS 5.5 2026-01-02

Threat Entry Updated 2026-02-23

CVE-2026-0570 - Online Music Site Plugin

A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used.

PLUGIN Online Music Site

CVE-2026-0570

MEDIUM CVSS 6.9 2026-01-02

Threat Entry Updated 2026-01-09

CVE-2026-0569 - Online Music Site Plugin

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PLUGIN Online Music Site

CVE-2026-0569

MEDIUM CVSS 6.9 2026-01-02

Threat Entry Updated 2026-01-16

CVE-2026-21429 - Emlog Plugin

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available.

PLUGIN Emlog

CVE-2026-21429

MEDIUM CVSS 5.1 2026-01-02

Threat Entry Updated 2026-01-09

CVE-2026-0568 - Online Music Site Plugin

A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

PLUGIN Online Music Site

CVE-2026-0568

MEDIUM CVSS 6.9 2026-01-02

Threat Entry Updated 2026-01-20

CVE-2026-0567 - Content Management System Plugin

A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used.

PLUGIN Content Management System

CVE-2026-0567

MEDIUM CVSS 6.9 2026-01-02

Threat Entry Updated 2026-01-20

CVE-2026-0566 - Content Management System Plugin

A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.

PLUGIN Content Management System

CVE-2026-0566

MEDIUM CVSS 5.1 2026-01-02

Threat Entry Updated 2026-02-23

CVE-2026-0565 - Content Management System Plugin

A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

PLUGIN Content Management System

CVE-2026-0565

MEDIUM CVSS 6.9 2026-01-02