NVD disclosure day
CVE-2026-8721
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
Crypt::OpenSSL::PKCS12 handles passwords incorrectly, allowing an external attacker to weaken security and easily guess credentials. This flaw could lead to the theft of sensitive private keys or certificates, resulting in unauthorized access to protected business information.
CVE-2026-8507
Halo Surface Signal: 3 out of 5 — possibly public-facing.
Crypt::OpenSSL::PKCS12 contains a security flaw that allows an external attacker to seize control of systems that process specific cryptographic files. By submitting a malicious file, an attacker could run unauthorized code, potentially leading to the compromise of sensitive application data and the underlying server.
CVE-2018-25335
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
WordPress plugin Peugeot Music has a critical flaw letting anyone upload malicious code to take over your site without needing a password.
CVE-2018-25332
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
GitBucket versions prior to 4.24.0 have a critical flaw allowing unauthenticated attackers to run commands on your server, potentially impacting sensitive data and operations.
CVE-2018-25320
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker can exploit a vulnerability in ACL Analytics to run unauthorized commands with full administrative access. This allows them to take complete control of the system, posing a significant risk to the security of sensitive business data.