Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total15,025
Critical923
High3,045
Medium10,857
Reset
Showing 2221-2240 of 15025 records
Threat Entry Updated 2026-01-20

CVE-2026-0676 - Zorka Theme

Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through

THEME Zorka

CVE-2026-0676

MEDIUM CVSS 5.3 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-04-23

CVE-2026-0674 - Campaign Monitor for WordPress Plugin

Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through

PLUGIN Campaign Monitor for WordPress

CVE-2026-0674

MEDIUM CVSS 4.3 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-20

CVE-2025-68887 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through

CORE WordPress Core

CVE-2025-68887

HIGH CVSS 7.1 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-20

CVE-2025-27004 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through

CORE WordPress Core

CVE-2025-27004

MEDIUM CVSS 6.1 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-08

CVE-2025-14984 - Gutenverse Form Plugin

The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the upload_mimes filter without implementing any sanitization of SVG file contents. This makes it possible for authenticated attackers, with Author-level access and above, to upload SVG files containing malicious JavaScript that executes when the file is viewed, leading to arbitrary JavaScript execution in victims' browsers.

PLUGIN Gutenverse Form

CVE-2025-14984

MEDIUM CVSS 6.4 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-02-23

CVE-2026-0701 - Intern Membership Management System Plugin

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

PLUGIN Intern Membership Management System

CVE-2026-0701

MEDIUM CVSS 5.1 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-12

CVE-2026-0700 - Intern Membership Management System Plugin

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

PLUGIN Intern Membership Management System

CVE-2026-0700

MEDIUM CVSS 6.9 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-12

CVE-2026-0699 - Intern Membership Management System Plugin

A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

PLUGIN Intern Membership Management System

CVE-2026-0699

MEDIUM CVSS 5.1 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-08

CVE-2025-13679 - Elearning And Online Course Solution Plugin

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate order IDs and exfiltrate sensitive data (PII), such as student name, email address, phone number, and billing address.

PLUGIN Elearning And Online Course Solution

CVE-2025-13679

MEDIUM CVSS 6.5 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-09

CVE-2026-0698 - Intern Membership Management System Plugin

A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PLUGIN Intern Membership Management System

CVE-2026-0698

MEDIUM CVSS 5.1 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-09

CVE-2026-0697 - Intern Membership Management System Plugin

A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

PLUGIN Intern Membership Management System

CVE-2026-0697

MEDIUM CVSS 5.1 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-08

CVE-2026-21427 - Stellanova APS-S301 series Plugin

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.

PLUGIN Stellanova APS-S301 series

CVE-2026-21427

HIGH CVSS 8.5 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-08

CVE-2026-0707 - Red Hat Build of Keycloak Plugin

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.

PLUGIN Red Hat Build of Keycloak

CVE-2026-0707

MEDIUM CVSS 5.3 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-08

CVE-2025-14275 - Jeg Elementor Kit Plugin

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary JavaScript that will execute when an administrator or other user views the page containing the malicious countdown element.

PLUGIN Jeg Elementor Kit

CVE-2025-14275

MEDIUM CVSS 6.4 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-08

CVE-2025-12640 - File Manager Plugin

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the handle_folders_file_upload() function. This makes it possible for authenticated attackers, with Author-level access and above, to replace arbitrary media files from the WordPress Media Library.

PLUGIN File Manager

CVE-2025-12640

MEDIUM CVSS 4.3 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-20

CVE-2026-21881 - Kanboard Plugin

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49.

PLUGIN Kanboard

CVE-2026-21881

CRITICAL CVSS 9.1 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-20

CVE-2026-21880 - Kanboard Plugin

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49.

PLUGIN Kanboard

CVE-2026-21880

MEDIUM CVSS 5.3 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-20

CVE-2026-21879 - Kanboard Plugin

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.

PLUGIN Kanboard

CVE-2026-21879

MEDIUM CVSS 4.7 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-21883 - Bokeh Plugin

Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a subdomain if applicable) and lure a victim to visit it. The malicious site can then initiate a WebSocket connection to the vulnerable Bokeh server. Since the Origin header (e.g., http://dashboard.corp.attacker.com/) matches the allowlist according to the flawed logic, the connection is accepted. Once connected, the attacker can interact with the Bokeh server on behalf of…

PLUGIN Bokeh

CVE-2026-21883

MEDIUM CVSS 4.5 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-20

CVE-2026-21877 - N8n Plugin

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.

PLUGIN N8n

CVE-2026-21877

CRITICAL CVSS 9.9 2026-01-08
Open Full Technical Breakdown
Scroll to top