Known Vulnerabilities for products from Halo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Halo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-36759 | | Not Provided | 2026-04-30 | 2026-04-30 |
| CVE-2026-36758 | | Not Provided | 2026-04-30 | 2026-04-30 |
| CVE-2026-36757 | | Not Provided | 2026-04-30 | 2026-04-30 |
| CVE-2026-36756 | | Not Provided | 2026-04-30 | 2026-04-30 |
| CVE-2025-15141 | A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the... | Not Provided | 2025-12-28 | 2026-04-29 |
| CVE-2025-14117 | | Not Provided | 2025-12-06 | 2026-02-24 |
| CVE-2023-27164 | An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file... | 4.8 - MEDIUM | 2023-03-10 | 2023-03-31 |
| CVE-2022-32995 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | 9.8 - CRITICAL | 2022-06-27 | 2022-07-06 |
| CVE-2022-32994 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upl... | 9.8 - CRITICAL | 2022-06-27 | 2022-07-06 |
| CVE-2022-26619 | Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | 7.5 - HIGH | 2022-04-05 | 2022-04-12 |
| CVE-2022-22125 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authe... | 4.8 - MEDIUM | 2022-01-13 | 2022-01-20 |
| CVE-2021-43659 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-24 | 2022-03-29 |
| CVE-2020-23079 | SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 7.5 - HIGH | 2021-07-12 | 2021-07-12 |
| CVE-2020-21527 | There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when del... | 7.7 - HIGH | 2020-09-30 | 2020-10-07 |
| CVE-2020-21526 | An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory travers... | 9.8 - CRITICAL | 2020-09-30 | 2020-10-07 |
| CVE-2020-21525 | Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal ch... | 7.5 - HIGH | 2020-09-30 | 2020-10-08 |
| CVE-2020-21524 | There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/a... | 9.1 - CRITICAL | 2020-09-30 | 2020-10-08 |
| CVE-2020-21523 | A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file ca... | 9.8 - CRITICAL | 2020-09-30 | 2020-10-09 |
| CVE-2020-21522 | An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend, the attacker can overwrit... | 9.8 - CRITICAL | 2020-09-30 | 2020-10-13 |
| CVE-2020-21345 | Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote m... | 6.1 - MEDIUM | 2021-05-20 | 2021-05-25 |
Known software with vulnerabilities from Halo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Halo | Halo | 0.0.1 |