Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total15,024
Critical923
High3,044
Medium10,857
Reset
Showing 1681-1700 of 15024 records
Threat Entry Updated 2026-01-16

CVE-2026-0989 - Red Hat Enterprise Linux 10 Plugin

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

PLUGIN Red Hat Enterprise Linux 10

CVE-2026-0989

LOW CVSS 3.7 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2026-0992 - Red Hat Enterprise Linux 10 Plugin

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

PLUGIN Red Hat Enterprise Linux 10

CVE-2026-0992

LOW CVSS 2.9 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-29

CVE-2026-22645 - Incoming Goods Suite Plugin

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

PLUGIN Incoming Goods Suite

CVE-2026-22645

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-29

CVE-2026-22644 - Incoming Goods Suite Plugin

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

PLUGIN Incoming Goods Suite

CVE-2026-22644

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-29

CVE-2026-22646 - Incoming Goods Suite Plugin

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.

PLUGIN Incoming Goods Suite

CVE-2026-22646

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-0897 - Keras Plugin

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

PLUGIN Keras

CVE-2026-0897

HIGH CVSS 7.1 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2025-13859 - Amazon Affiliate Plugin

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store arbitrary JavaScript that executes whenever an AffiliateX block renders on the site.

PLUGIN Amazon Affiliate

CVE-2025-13859

MEDIUM CVSS 6.4 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2025-13062 - Supreme Modules Lite Plugin

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Supreme Modules Lite

CVE-2025-13062

HIGH CVSS 8.8 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2025-12895 - Woocommerce Theme

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf.

THEME Woocommerce Theme

CVE-2025-12895

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22918 - TDC-X401GL Plugin

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22918

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22916 - TDC-X401GL Plugin

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

PLUGIN TDC-X401GL

CVE-2026-22916

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22914 - TDC-X401GL Plugin

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

PLUGIN TDC-X401GL

CVE-2026-22914

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22913 - TDC-X401GL Plugin

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22913

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22919 - TDC-X401GL Plugin

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22919

LOW CVSS 3.8 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22908 - TDC-X401GL Plugin

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

PLUGIN TDC-X401GL

CVE-2026-22908

CRITICAL CVSS 9.1 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22910 - TDC-X401GL Plugin

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

PLUGIN TDC-X401GL

CVE-2026-22910

HIGH CVSS 7.5 2026-01-15
Open Full Technical Breakdown
Scroll to top