
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,025
Critical: 923
High: 3,045
Medium: 10,857
Showing 2181-2200 of 15025 records
Threat Entry Updated 2026-01-26

CVE-2026-22230 - eCASE Audit Plugin

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.

PLUGIN eCASE Audit

CVE-2026-22230

HIGH CVSS 7.2 2026-01-08
Threat Entry Updated 2026-02-02

CVE-2026-21896 - Kirby Plugin

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific role(s) from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. This vulnerability does not affect those who have not deviated from the default user permissions. This issue has been patched in version 5.2.2.

PLUGIN Kirby

CVE-2026-21896

MEDIUM CVSS 5.8 2026-01-08
Threat Entry Updated 2026-02-05

CVE-2026-22231 - eCASE Audit Plugin

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0.

PLUGIN eCASE Audit

CVE-2026-22231

MEDIUM CVSS 4.8 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22521 - Handmade Framework Theme

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion. This issue affects Handmade Framework: from n/a through 3.9.

THEME Handmade Framework

CVE-2026-22521

HIGH CVSS 7.5 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22522 - Block Slider Plugin

Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through 2.2.3.

PLUGIN Block Slider

CVE-2026-22522

MEDIUM CVSS 6.5 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22519 - MediaPress Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS. This issue affects MediaPress: from n/a through 1.6.2.

PLUGIN MediaPress

CVE-2026-22519

MEDIUM CVSS 6.5 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22518 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS. This issue affects X Addons for Elementor: from n/a through 1.0.23.

PLUGIN Elementor

CVE-2026-22518

MEDIUM CVSS 6.5 2026-01-08
Threat Entry Updated 2026-04-23

CVE-2026-22517 - GA4WP: Google Analytics for WordPress Plugin

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4WP: Google Analytics for WordPress: from n/a through

PLUGIN GA4WP: Google Analytics for WordPress

CVE-2026-22517

MEDIUM CVSS 5.4 2026-01-08
Threat Entry Updated 2026-04-23

CVE-2026-22490 - Bulk Landing Page Creator for WordPress LPagery Plugin

Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through

PLUGIN Bulk Landing Page Creator for WordPress LPagery

CVE-2026-22490

MEDIUM CVSS 5.4 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22488 - Dashboard Welcome for Beaver Builder Plugin

Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8.

PLUGIN Dashboard Welcome for Beaver Builder

CVE-2026-22488

MEDIUM CVSS 5.3 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22492 - Docket Cache Plugin

Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Docket Cache: from n/a through 24.07.04.

PLUGIN Docket Cache

CVE-2026-22492

MEDIUM CVSS 4.3 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22489 - Image Slider Slideshow Plugin

Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Slider Slideshow: from n/a through 1.8.

PLUGIN Image Slider Slideshow

CVE-2026-22489

MEDIUM CVSS 4.3 2026-01-08
Threat Entry Updated 2026-01-14

CVE-2026-21638 - UDB-Pro/UDB-Pro-Sector Plugin

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier), UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier), UBB (Version 3.1.5 and earlier). Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later.

PLUGIN UDB-Pro/UDB-Pro-Sector

CVE-2026-21638

HIGH CVSS 8.8 2026-01-08
Threat Entry Updated 2026-01-15

CVE-2026-0671 - MediaWiki - UploadWizard extension Plugin

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39.

PLUGIN MediaWiki - UploadWizard extension

CVE-2026-0671

MEDIUM CVSS 6.1 2026-01-08
Threat Entry Updated 2026-01-14

CVE-2026-21639 - airFiber AF60 Plugin

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earlier), airMAX M (Version 6.3.22 and earlier), airFiber AF60-XG (Version 1.2.2 and earlier), airFiber AF60 (Version 2.6.7 and earlier). Mitigation: Update your airMAX AC to Version 8.7.21 or later. Update your airMAX M to Version 6.3.24 or later. Update your airFiber AF60-XG to Version 1.2.3 or later. Update your airFiber AF60 to Version…

PLUGIN airFiber AF60

CVE-2026-21639

MEDIUM CVSS 5.4 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22486 - Re Gallery & Responsive Photo Gallery Plugin

Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18.

PLUGIN Re Gallery & Responsive Photo Gallery Plugin

CVE-2026-22486

MEDIUM CVSS 5.3 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22487 - Speed Kit Plugin

Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Speed Kit: from n/a through 2.0.2.

PLUGIN Speed Kit

CVE-2026-22487

MEDIUM CVSS 4.3 2026-01-08
Threat Entry Updated 2026-01-14

CVE-2026-22255 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at `IccProfLib/IccTagLut.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-22255

HIGH CVSS 8.8 2026-01-08
Threat Entry Updated 2026-01-15

CVE-2026-22244 - OpenMetadata Plugin

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.

PLUGIN OpenMetadata

CVE-2026-22244

HIGH CVSS 8.5 2026-01-08
Threat Entry Updated 2026-01-15

CVE-2026-22245 - Mastodon Plugin

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unless specified in `ALLOWED_PRIVATE_ADDRESSES`) to avoid the "confused deputy" problem. The list of disallowed IP address ranges was lacking some IP address ranges that can be used to reach local IP addresses. An attacker can use an IP address in the affected ranges to make Mastodon perform HTTP requests against loopback or local network…

PLUGIN Mastodon

CVE-2026-22245

HIGH CVSS 7.1 2026-01-08