"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Threat Entry Updated 2026-06-27

CVE-2026-9677 - Shariff for WordPress Plugin

The Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff() function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Shariff for WordPress

UNKNOWN CVSS 0.0 2026-06-27

Threat Entry Updated 2026-06-27

CVE-2026-10820 - Restrict Content Plugin

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference.

PLUGIN Restrict Content

UNKNOWN CVSS 0.0 2026-06-27

Threat Entry Updated 2026-06-24

CVE-2026-53038 - WordPress component

In the Linux kernel, the following vulnerability has been resolved:

ima_fs: Correctly create securityfs files for unsupported hash algos

ima_tpm_chip->allocated_banks[i].crypto_id is initialized to HASH_ALGO__LAST if the TPM algorithm is not supported. However there are places relying on the algorithm to be valid because it is accessed by hash_algo_name[].

On 6.12.40 I observe the following read out-of-bounds in hash_algo_name:

    ==================================================================
    BUG: KASAN: global-out-of-bounds in create_securityfs_measurement_lists+0x396/0x440
    Read of size 8 at addr ffffffff83e18138 by task swapper/0/1

    CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.40 #3
    Call Trace:
    dump_stack_lvl+0x61/0x90
    print_report+0xc4/0x580…

UNKNOWN WordPress component

UNKNOWN CVSS 0.0 2026-06-24

Threat Entry Updated 2026-01-26

CVE-2026-23634 - Pepr Plugin

Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with Pepr and create resources dynamically without needing to pre-configure RBAC. This vulnerability is fixed in 1.0.5.

PLUGIN Pepr

UNKNOWN CVSS 0.0 2026-01-16