CVE-2025-70886

High CVSS: 7.5

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint

Vendor

Halo

Product

Halo

CWE

CWE-400

Yayın Tarihi

2026-02-12 16:16:05

Güncelleme

2026-02-18 15:45:23

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-400 Halo HIGH Halo 2026

Referanslar

https://github.com/HowieHz/CVE-2025-70886 https://github.com/halo-dev/halo/issues/7890 https://howiehz.top/archives/halo-comment-payload-tweaker

Benzer Kayıtlar

Low

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator o…

Medium

CVE-2025-44593

Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. S…

Medium

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}.

Critical

CVE-2025-44594

halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/a…

Medium

CVE-2024-56156

Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypa…