Known Vulnerabilities for products from Halo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Halo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-55439 json | Not Provided | 2026-06-25 | 2026-06-25 | |
| CVE-2026-36759 json | Not Provided | 2026-04-30 | 2026-04-30 | |
| CVE-2026-36758 json | Not Provided | 2026-04-30 | 2026-04-30 | |
| CVE-2026-36757 json | Not Provided | 2026-04-30 | 2026-04-30 | |
| CVE-2026-36756 json | Not Provided | 2026-04-30 | 2026-04-30 | |
| CVE-2026-15326 json | Not Provided | 2026-07-10 | 2026-07-10 | |
| CVE-2025-60898 json | Not Provided | 2025-10-29 | 2026-07-05 | |
| CVE-2025-51857 json | Not Provided | 2025-08-05 | 2026-07-05 | |
| CVE-2025-15141 json | A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the... | Not Provided | 2025-12-28 | 2026-04-29 |
| CVE-2023-27164 json | An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file... | Not Provided | 2023-03-10 | 2026-07-09 |
| CVE-2022-32995 json | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | 9.8 - CRITICAL | 2022-06-27 | 2022-07-06 |
| CVE-2022-32994 json | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upl... | 9.8 - CRITICAL | 2022-06-27 | 2022-07-06 |
| CVE-2022-26619 json | Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | 7.5 - HIGH | 2022-04-05 | 2022-04-12 |
| CVE-2022-22125 json | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authe... | 4.8 - MEDIUM | 2022-01-13 | 2022-01-20 |
| CVE-2021-43659 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-24 | 2022-03-29 |
| CVE-2020-23079 json | SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 7.5 - HIGH | 2021-07-12 | 2021-07-12 |
| CVE-2020-21527 json | There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when del... | 7.7 - HIGH | 2020-09-30 | 2020-10-07 |
| CVE-2020-21526 json | An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory travers... | 9.8 - CRITICAL | 2020-09-30 | 2020-10-07 |
| CVE-2020-21525 json | Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal ch... | 7.5 - HIGH | 2020-09-30 | 2020-10-08 |
| CVE-2020-21524 json | There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/a... | 9.1 - CRITICAL | 2020-09-30 | 2020-10-08 |
Known software with vulnerabilities from Halo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Halo | Halo | 0.0.1 |