8 matches found
EUVD-2025-22383
Malicious code in bioql PyPI...
Use Of Hard-coded Credentials
@haxtheweb/haxcms-nodejs is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to hardcoded default credentials and JWT private keys, followed by the lack of prompts or UI options to change them, which allows an attacker to gain unauthorized access to user or superuser accounts...
CVE-2025-54137
HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...
CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets
HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...
CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets
HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...
CVE-2025-54137
The CVE-2025-54137 entry pertains to HAX CMS NodeJS. Affected versions are 11.0.9 and earlier, which were shipped with hardcoded default credentials for user and superuser accounts and default JWT private keys. Installation does not prompt for credential/secret changes, and there is no UI path to...
NodeJS version of the HAX CMS application is distributed with Default Secrets
Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...
GHSA-5FPV-5QVH-7CF3 NodeJS version of the HAX CMS application is distributed with Default Secrets
Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...