CVE-2024-56156 – Halo File Type Validation Bypass Vulnerability

April 25, 2025

CVE ID : CVE-2024-56156

Published : April 25, 2025, 4:15 p.m. | 2 hours, 46 minutes ago

Description : Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2070 – “FileZ XML Parsing Denial of Service”

Next Article CVE-2025-2068 – FileZ Open Redirect Information Disclosure

Highlights

CVE-2025-49125 – Apache Tomcat PreResources/PostResources Path Bypass

June 16, 2025

CVE ID : CVE-2025-49125

Published : June 16, 2025, 3:15 p.m. | 3 hours, 6 minutes ago

Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2024-56156 – Halo File Type Validation Bypass Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

Why Startups and Enterprises Prefer to Hire Dedicated Developers in 2025

The rise of AI PCs: How businesses are reshaping their tech to keep up

Xnec2c – graphical NEC2 antenna simulation

I spent hours demoing Samsung’s newest soundbar, and this one feature separates it from the bunch

CVE-2025-49125 – Apache Tomcat PreResources/PostResources Path Bypass

Rilasciato Fastfetch 2.45: Novità nello Strumento di Informazioni di Sistema

CVE-2025-2409 – ASPECT File Corruption Vulnerability (Write-What-Where)

TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation

CVE-2024-56156 – Halo File Type Validation Bypass Vulnerability

Related Posts