CVE-2026-46394

CVE-2026-46394 : HAX CMS PHP backend prior to v26.0.0 is vulnerable to OS command injection in the Git.php library. The application builds shell commands from unsanitized input and executes them via proc_open(); only one of 17 command-invoking functions uses escapeshellarg(), increasing risk. An ...

CVE-2026-46394 HAX CMS Vulnerable to Command Injection using Git.php

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

PT-2026-47030

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via proc open. An...

PT-2025-48094

Name of the Vulnerable Software and Affected Versions AI Feeds plugin for WordPress versions through 1.0.11 Description The AI Feeds plugin for WordPress is susceptible to arbitrary file uploads because of a missing capability check in the actualizador git.php file. This allows unauthenticated...

PT-2025-48093

Name of the Vulnerable Software and Affected Versions CIBELES AI plugin for WordPress versions through 1.10.8 Description The CIBELES AI plugin for WordPress has a flaw that allows unauthorized file uploads. This is due to a missing check for appropriate permissions within the actualizador git.ph...