Lucene search
K

8 matches found

NVD
NVD
added 2026/06/05 8:17 p.m.17 views

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 7:19 p.m.35 views

CVE-2026-46493 haxtheweb/haxcms-php uses insecure method for generating salt

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

7.5CVSS0.00288EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 7:13 p.m.22 views

CVE-2026-46398

HAX CMS vulnerability: the haxcms_refresh_token cookie is set without the Secure flag in versions 25.0.0 through

8.8CVSS5.4AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:27 p.m.14 views

CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References1
CVE
CVE
added 2026/06/05 6:13 p.m.25 views

CVE-2026-46399

CVE-2026-46399 affects HAX CMS with PHP backend prior to v26.0.0. The vulnerability is an authenticated file overwrite that allows an attacker to configure malicious Git filter commands, leading to code execution on the HAX CMS server. The issue is specific to the PHP version before 26.0.0; the f...

9.4CVSS6.1AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. There were security vulnerabilities in HAX CMS PHP versions prior to 26.0.0. These vulnerabilities stemmed from an authentication-based local file inclusion vulnerability in the saveOutline endpoint, which could allow...

6.5CVSS5.6AI score0.00289EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41978

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of the component. The application fails to validate user-supplied input in the source and source-data attributes, allowing...

9.3CVSS5.3AI score0.0023EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:24 p.m.3 views

CVE-2026-35185

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

8.7CVSS5.9AI score0.00355EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder