CVE-2026-46493
Affected software: HAX CMS running PHP or Node.js backends. Vulnerability: older releases (before 26.0.1) use PHP’s uniqid to generate salts, which is inappropriate for secure salt generation. Root cause: insecure randomness source in salt generation. Impact: described risk is consistent with...
CVE-2026-46493
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
CVE-2026-48527
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...
CVE-2026-48101
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...
PT-2026-47042
Name of the Vulnerable Software and Affected Versions: HAX CMS versions prior to 26.0.1. Description: The software uses the uniqid function for generating salts, which is unsuitable for security purposes as it does not provide sufficient randomness. Recommendations: Update to version 26.0.1...
CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...
PT-2026-44828
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...
CVE-2026-7065
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-40393
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...
Mesa buffer error vulnerability
Mesa is an open-source proxy modeling framework developed by Mesa projects. Versions of Mesa prior to 25.3.6 and 26.0.1 contain a buffer error vulnerability. This vulnerability stems from the fact that the amount of data to be allocated in WebGPU depends on an untrusted party, which is then used...
OPENSUSE-SU-2026:10210-1 python311-pip-26.0.1-1.1 on GA media
These are all security issues fixed in the python311-pip-26.0.1-1.1 package on the GA media of openSUSE Tumbleweed...
Apple multiple products security vulnerability
Apple iOS and others are products of Apple Inc. in the U.S. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple visionOS is an operating system for AR glasses. A security vulnerability exists in multiple Apple products that...
About the security content of visionOS 26.0.1
This document describes the security content of visionOS 26.0.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
Apple Security Update: watchOS 26.0.1
Apple recommends installing the security update watchOS 26.0.1 on devices Apple Watch Ultra 3...
Moby security vulnerability
Moby is an open source project designed to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby versions 26.0.0 and 26.0.1 that stems from a vulnerability that allows an attacker to enable IPv6 on an IPv4-only network...
PT-2023-8430 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 26.0.0 through 26.0.1; Nextcloud Enterprise Server versions 26.0.0 through 26.0.1. Description: The issue is related to an open redirect vulnerability in Nextcloud Server and Nextcloud Enterprise Server. An attacker could...
PT-2023-8428 · Nextcloud +1 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.6; Nextcloud Server versions prior to 26.0.1. Description: A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout...