
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,024
Critical: 923
High: 3,044
Medium: 10,857
Showing 1561-1580 of 15024 records
Threat Entry Updated 2026-02-02

CVE-2026-0518 - Secure Access Plugin

CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console.

PLUGIN Secure Access

CVE-2026-0518

MEDIUM CVSS 4.8 2026-01-17
Threat Entry Updated 2026-02-02

CVE-2026-0519 - Secure Access Plugin

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.

PLUGIN Secure Access

CVE-2026-0519

MEDIUM CVSS 4.6 2026-01-17
Threat Entry Updated 2026-02-02

CVE-2026-0517 - Secure Access Plugin

CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially crafted packet to a server and cause the server to crash.

PLUGIN Secure Access

CVE-2026-0517

MEDIUM CVSS 6.0 2026-01-17
Threat Entry Updated 2026-02-18

CVE-2026-22865 - Gradle Plugin

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. An exception like NoHttpResponseException can indicate transient errors. If the errors persist after a maximum number of retries, Gradle would continue to the next…

PLUGIN Gradle

CVE-2026-22865

HIGH CVSS 8.6 2026-01-16
Threat Entry Updated 2026-02-18

CVE-2026-22816 - Gradle Plugin

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. If a Gradle build used an unresolvable host name, Gradle would continue to work as long as all dependencies could be resolved from another…

PLUGIN Gradle

CVE-2026-22816

HIGH CVSS 8.6 2026-01-16
Threat Entry Updated 2026-01-26

CVE-2026-23800 - Modular DS Plugin

Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation. This issue affects Modular DS: from 2.5.2 before 2.6.0.

PLUGIN Modular DS

CVE-2026-23800

CRITICAL CVSS 10.0 2026-01-16
Threat Entry Updated 2026-02-23

CVE-2026-23643 - CakePHP Plugin

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.

PLUGIN CakePHP

CVE-2026-23643

MEDIUM CVSS 5.4 2026-01-16
Threat Entry Updated 2026-01-26

CVE-2026-23744 - Inspector Plugin

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

PLUGIN Inspector

CVE-2026-23744

CRITICAL CVSS 9.8 2026-01-16
Threat Entry Updated 2026-02-18

CVE-2026-23742 - Skipper Plugin

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem arises when untrusted users can create lua filters, which -lua-sources=inline permits, for example through a Kubernetes Ingress resource. The inline setting allows these users to create a script that can read the filesystem accessible to the skipper process, and if a user also has access to read the logs, they can read skipper secrets. This vulnerability is fixed in 0.23.0.

PLUGIN Skipper

CVE-2026-23742

HIGH CVSS 8.8 2026-01-16
Threat Entry Updated 2026-01-26

CVE-2026-23735 - GraphQL Modules Plugin

GraphQL Modules is a toolset of libraries and guidelines dedicated to creating reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the service when the context is injected via @ExecutionContext(). ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. This vulnerability is fixed in 2.4.1 and 3.1.1.

PLUGIN GraphQL Modules

CVE-2026-23735

HIGH CVSS 8.7 2026-01-16
Threat Entry Updated 2026-01-30

CVE-2026-23730 - WeGIA Plugin

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.

PLUGIN WeGIA

CVE-2026-23730

MEDIUM CVSS 4.8 2026-01-16
Threat Entry Updated 2026-01-30

CVE-2026-23729 - WeGIA Plugin

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and nomeClasse=ProdutoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.

PLUGIN WeGIA

CVE-2026-23729

MEDIUM CVSS 4.8 2026-01-16
Threat Entry Updated 2026-01-30

CVE-2026-23731 - WeGIA Plugin

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with the frame-ancestors directive is not configured. Because of this, an attacker can load any WeGIA page inside a malicious HTML document, overlay deceptive elements, hide real buttons, or force accidental interaction with sensitive workflows. This vulnerability is fixed in 3.6.2.

PLUGIN WeGIA

CVE-2026-23731

MEDIUM CVSS 4.3 2026-01-16
Threat Entry Updated 2026-01-30

CVE-2026-23722 - WeGIA Plugin

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the id_memorando GET parameter before reflecting it into the HTML source (likely inside a block or an attribute). This allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the context of the user's browser session. This vulnerability is fixed in 3.6.2.

PLUGIN WeGIA

CVE-2026-23722

CRITICAL CVSS 9.1 2026-01-16
Threat Entry Updated 2026-01-30

CVE-2026-23723 - WeGIA Plugin

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.

PLUGIN WeGIA

CVE-2026-23723

HIGH CVSS 7.2 2026-01-16
Threat Entry Updated 2026-01-30

CVE-2026-23725 - WeGIA Plugin

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php endpoints of the WeGIA application. The application does not sanitize user-controlled input before rendering it inside the Adopters Information table, allowing persistent JavaScript injection. Any user who visits the page will have the payload executed automatically. This vulnerability is fixed in 3.6.2.

PLUGIN WeGIA

CVE-2026-23725

MEDIUM CVSS 5.3 2026-01-16
Threat Entry Updated 2026-01-30

CVE-2026-23728 - WeGIA Plugin

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=DestinoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.

PLUGIN WeGIA

CVE-2026-23728

MEDIUM CVSS 4.8 2026-01-16