Exploit Database

146,315 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-41940 GITHUB CRITICAL shell
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
by shahidmallaofficial
CVSS 9.8
CVE-2026-31431 GITHUB HIGH c
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by Dabbleam
1 stars
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by selectel
CVSS 7.8
CVE-2025-51846 WRITEUP HIGH
CryptPad unbounded WebSocket frame flood
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
CVSS 7.5
CVE-2025-71284 WRITEUP CRITICAL
Synway SMG Gateway Management Software OS Command Injection via radius_address
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shell commands by submitting a POST request with crafted radius_address, radius_address2, shared_secret2, source_ip, timeout, or retry parameters along with save=1 and enable_radius=1 to achieve remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 (UTC).
CVSS 9.8
CVE-2026-36756 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 5.4
CVE-2026-36757 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 4.3
CVE-2026-36758 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 4.3
CVE-2026-36759 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 6.5
CVE-2024-56156 WRITEUP CRITICAL
halo < 2.20.13 - Stored Cross-Site Scripting and Remote Code Execution via File Upload Bypass
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.
CVSS 9.0
CVE-2024-56156 WRITEUP CRITICAL
halo < 2.20.13 - Stored Cross-Site Scripting and Remote Code Execution via File Upload Bypass
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.
CVSS 9.0
CVE-2024-43793 WRITEUP MEDIUM
Halo < 2.19.0 - Cross-Site Scripting
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0.
CVSS 6.3
CVE-2024-43792 WRITEUP MEDIUM
Halo < 2.17.0 - Cross-Site Scripting
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability.
CVSS 6.3
CVE-2025-70886 WRITEUP HIGH
halo < 2.22.4 - Denial of Service via Comment Submission Payload
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint
CVSS 7.5
CVE-2023-33528 WRITEUP MEDIUM
halo v1.6.0 - Cross-Site Scripting
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).
CVSS 6.1
CVE-2026-36759 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 6.5
CVE-2026-36758 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 4.3
CVE-2026-36757 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 4.3
CVE-2026-36756 WRITEUP MEDIUM
Halo v2.22.14 - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
CVSS 5.4
CVE-2022-28074 WRITEUP MEDIUM
Halo 1.5.0 - Stored Cross-Site Scripting via Admin Tools Page
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
CVSS 4.8
CVE-2022-26619 WRITEUP HIGH
Halo Blog CMS <1.4.17 - File Upload
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.
CVSS 7.5
CVE-2022-22125 WRITEUP MEDIUM
Halo 1.0.0-1.4.17 - Authenticated Stored Cross-Site Scripting in Article Tag
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.
CVSS 4.8
CVE-2022-22124 WRITEUP MEDIUM
Halo 1.0.0-1.4.17 - Authenticated Stored Cross-Site Scripting via SVG Profile Image Upload
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.
CVSS 5.4
CVE-2022-22123 WRITEUP MEDIUM
fit2cloud halo 1.0.0-1.4.17 - Authenticated Stored Cross-Site Scripting in Article Title
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.
CVSS 5.4
CVE-2021-43659 WRITEUP MEDIUM
halo 1.4.14 - Stored Cross-Site Scripting via Avatar Upload
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
CVSS 5.4