CVE-2026-46399 Authenticated Remote Code Execution via File Overwrite

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

EUVD-2026-34880

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

CVE-2026-46399 Authenticated Remote Code Execution via File Overwrite

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

CVE-2026-46399

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

openssl security update

An update is available for openssl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and...

RLSA-2026:22314 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing...

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

RLSA-2026:22315 Moderate: compat-openssl10 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: OpenSSL:...

compat-openssl10 security update

An update is available for compat-openssl10. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSSL toolkit provides support for secure communications betwe...

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX from 2.0.0 to 26.0.0 had security vulnerabilities. These vulnerabilities stemmed from the gitlist plugin exposing unauthenticated users, allowing unauthenticated users to browse git repositories and git...

PT-2026-47030

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An OS command injection issue exists in the Git.php library of the PHP backend. The application executes shell command strings using the proc open function without properly sanitizing input. An...

📄 Craft CMS 5.9.5 Missing Authorization / Denial of Service

Craft CMS versions 5.9.5 and below suffer from a missing authorization vulnerability that can trigger an unwanted migration. CVE-2026-31266 - Craft CMS Missing Authorization CVE Information | Field | Value | |-------|-------| | CVE ID | CVE-2026-31266 | | Vendor | Pixel & Tonic | | Product | Craf...

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAX CMS prior to Node.js 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from two encryption implementation errors in the hmacBase64 function. This could allow unauthenticated attacke...

PT-2026-47031

Name of the Vulnerable Software and Affected Versions HAX CMS PHP version versions prior to 26.0.0 Description The PHP version of HAX CMS contains an authenticated file overwrite issue. An attacker can exploit this to configure malicious Git filter commands, leading to code execution on the serve...

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

PT-2026-47038

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An authenticated local file inclusion allows a low-privileged user to read arbitrary files on the server. By manipulating the location field written into site.json via the 'saveOutline' endpoint,...

PT-2026-47039

Name of the Vulnerable Software and Affected Versions HAX CMS versions 25.0.0 through 25.x Description The haxcms refresh token cookie is configured without the Secure flag. This configuration allows the cookie to be transmitted over unencrypted HTTP connections, which enables an attacker to stea...

PT-2026-47042

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.1 Description The software uses the uniqid function for generating salts, which is unsuitable for security purposes as it does not provide sufficient randomness. Recommendations Update to version 26.0.1...

HAX CMS PHP 代码问题漏洞

HAXCMS is an open-source content management system developed by HAX The Web. There were code vulnerabilities in HAX CMS versions from 11.0.6 to 25.0.0. These vulnerabilities stemmed from the file upload feature, which used regular expressions to validate file extensions but did not check the actu...

HAX 代码问题漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX prior to 26.0.0 had code vulnerabilities. These vulnerabilities stemmed from an authentication-based server-side request forgeing vulnerability, which could allow authenticated users to access arbitrary...