CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4411 matches found

RedhatCVE•added 2025/07/23 9:32 p.m.•17 views

CVE-2025-54134

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...

7.1CVSS6AI score0.00388EPSS

Exploits0References1

RedhatCVE•added 2025/07/23 9:32 p.m.•5 views

CVE-2025-54128

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy CSP. This configuration is insecure for a production application because it does not protect against...

7.2CVSS6.2AI score0.00202EPSS

Exploits0References1

CNNVD•added 2025/07/23 12:0 a.m.•3 views

NodeJS 安全漏洞

NodeJS is a JavaScript runtime environment based on the ChromeV8 engine from the OpenJS Foundation. By encapsulating the Chromev8 engine and using event-driven and non-blocking IO applications make it possible to develop high-performance backend applications in Javascript. A security vulnerabilit...

6.1CVSS6.3AI score0.003EPSS

Exploits1References5

Photon•added 2025/07/23 12:0 a.m.•5 views

Important Photon OS Security Update - PHSA-2025-4.0-0839

Updates of 'nodejs' packages of Photon OS have been released...

7.5CVSS7.3AI score0.09752EPSS

Exploits5

Vulnrichment•added 2025/07/22 11:24 p.m.•5 views

CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...

4.3CVSS6.1AI score0.003EPSS

Exploits1References3

Cvelist•added 2025/07/22 11:24 p.m.•9 views

CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking

4.3CVSS0.003EPSS

Exploits1References3

CVE•added 2025/07/22 11:24 p.m.•30 views

CVE-2025-54139

CVE-2025-54139 affects HAX CMS NodeJS and PHP backends. Versions haxcms-nodejs ≤ 11.0.12 and haxcms-php ≤ 11.0.7 expose pages without anti-iframe headers, enabling unauthenticated attackers to load sensitive pages (including login) in an iframe and perform a UI redress (clickjacking). Impact is U...

6.1CVSS6.8AI score0.003EPSS

Exploits1References3Affected Software2

OSV•added 2025/07/22 11:24 p.m.•4 views

CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking

4.3CVSS6.4AI score0.003EPSS

Exploits1References5

NVD•added 2025/07/22 10:15 p.m.•19 views

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

7.3CVSS0.00316EPSS

Exploits0References3

OSV•added 2025/07/22 10:15 p.m.•9 views

AZL-76338 CVE-2025-8010 affecting package nodejs24 24.13.0-3

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.0025EPSS

Exploits0References1

Cvelist•added 2025/07/22 9:34 p.m.•32 views

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

7.3CVSS0.00316EPSS

Exploits0References3

Vulnrichment•added 2025/07/22 9:34 p.m.•6 views

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

7.3CVSS6.3AI score0.00316EPSS

Exploits0References3

OSV•added 2025/07/22 9:34 p.m.•17 views

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

7.3CVSS6.5AI score0.00316EPSS

Exploits0References5

OSV•added 2025/07/22 6:14 p.m.•3 views

CLSA-2025-1753208069 nodejs: Fix of CVE-2025-23166

CVE-2025-23166: src: fix error handling on async crypto operations...

7.5CVSS7.3AI score0.00763EPSS

Exploits0References1

SUSE CVE•added 2025/07/21 11:24 p.m.•2 views

SUSE CVE-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...

7.5CVSS7AI score0.00771EPSS

Exploits0References3

NVD•added 2025/07/21 9:15 p.m.•5 views

CVE-2025-54127

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

9.8CVSS0.00403EPSS

Exploits0References1

NVD•added 2025/07/21 9:15 p.m.•4 views

CVE-2025-54128

7.2CVSS0.00202EPSS

Exploits0References2

NVD•added 2025/07/21 9:15 p.m.•8 views

CVE-2025-54134

7.1CVSS0.00388EPSS

Exploits0References4

vulnersOsv•added 2025/07/21 9:12 p.m.•20 views

@haxtheweb/create (>=0.1.3 <=11.0.2), @haxtheweb/open-apis (=11.0.2) potentially affected by CVE-2025-54139 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=10.0.6)

@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2 - @haxtheweb/open-apis =11.0.2 Source cves: CVE-2025-54139 Source advisory: OSV:GHSA-54VW-F4XF-F92J...

6.1CVSS5.8AI score0.003EPSS

Exploits1

Cvelist•added 2025/07/21 8:58 p.m.•19 views

CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service

7.1CVSS0.00388EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by