5 matches found
CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...
CVE-2026-46393
The CVE-2026-46393 entry documents an authenticated SSRF in HAXcms createSite. In affected versions prior to 26.0.0, a malicious build.files input lets an authenticated user cause server-side requests (via file_get_contents on attacker-controlled tmp_name), enabling fetches of arbitrary internal/...
HAXCMS 跨站脚本漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of iframe elements, which could allow attackers to execute arbitrary JavaScript in the victim...
pyOpenSSL 22.0.x < 26.0.0 Buffer Overflow
The version of pyOpenSSL installed on the remote host is prior to 26.0.0. It is, therefore, affected by a buffer overflow vulnerability: - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to...
Linux Distros Unpatched Vulnerability : CVE-2026-27459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to...