CVE-2025-14117

Medium CVSS: 5.3

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Fit2cloud

Product

Halo

CWE

CWE-352

Yayın Tarihi

2025-12-06 06:15:53

Güncelleme

2025-12-12 12:44:42

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-352 Halo MEDIUM Fit2cloud 2025

Referanslar

https://blksword.flowus.cn/ https://github.com/BlkSword/POC https://vuldb.com/?ctiid.334494 https://vuldb.com/?id.334494 https://vuldb.com/?submit.697391 https://github.com/BlkSword/POC

Benzer Kayıtlar

High

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se…

High

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr…

High

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S…

Medium

CVE-2026-31798

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts,…

Medium

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template…

Medium

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend…