High
CVE-2025-70886
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the…
Low
CVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator o…
Medium
CVE-2025-44593
Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. S…
Critical
CVE-2025-44594
halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/a…
Medium
CVE-2024-56156
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypa…