
6 matches found

Cvelist
added last week, 27 views

CVE-2026-46400 HAXCMS PHP has a File Upload Validation Bypass

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

CVSS 8.7, EPSS 0.00359
Exploits: 0, References: 1
Vulnrichment
added last week, 3 views

CVE-2026-46400 HAXCMS PHP has a File Upload Validation Bypass

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

CVSS 8.7, AI score 5.9, EPSS 0.00359
Exploits: 0, References: 1
CNNVD
added 2025/07/23 12:00 a.m., 3 views

NodeJS Security Vulnerability

NodeJS is a JavaScript runtime environment based on the Chrome V8 engine, maintained by the OpenJS Foundation. By encapsulating the Chrome V8 engine and using an event-driven, non-blocking I/O model, it makes it possible to develop high-performance backend applications in JavaScript. A security vulnerabilit...

CVSS 6.1, AI score 6.3, EPSS 0.00198
Exploits: 1, References: 5
Cvelist
added 2025/07/11 5:33 p.m., 7 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

CVSS 4.8, EPSS 0.00164
Exploits: 0, References: 1
Github Security Blog
added 2025/06/09 8:30 p.m., 18 views

HaxCMS-PHP Command Injection Vulnerability

Summary: The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The 'setremote' function later passes this input into 'procopen', yielding OS command injection. Details: The vulnerability exists in the logic of the 'gitImportSite' functio...

CVSS 8.8, AI score 8.9, EPSS 0.04034
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2025/06/09 8:30 p.m., 3 views

GHSA-G4CF-PP4X-HQGW HaxCMS-PHP Command Injection Vulnerability

Summary: The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The 'setremote' function later passes this input into 'procopen', yielding OS command injection. Details: The vulnerability exists in the logic of the 'gitImportSite' functio...

CVSS 8.5, AI score 8.2, EPSS 0.04034
Exploits: 1, References: 4