Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.24 views

EUVD-2025-22383

Malicious code in bioql PyPI...

7.3CVSS6.4AI score0.00316EPSS
Exploits0References4
Veracode
Veracode
added 2025/07/24 8:48 a.m.9 views

Use Of Hard-coded Credentials

@haxtheweb/haxcms-nodejs is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to hardcoded default credentials and JWT private keys, followed by the lack of prompts or UI options to change them, which allows an attacker to gain unauthorized access to user or superuser accounts...

7.3CVSS6.4AI score0.00316EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/07/22 10:15 p.m.47 views

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

7.3CVSS0.00316EPSS
Exploits0References3
OSV
OSV
added 2025/07/22 9:34 p.m.18 views

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

7.3CVSS6.5AI score0.00316EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/22 9:34 p.m.6 views

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

7.3CVSS6.3AI score0.00316EPSS
Exploits0References3
CVE
CVE
added 2025/07/22 9:34 p.m.54 views

CVE-2025-54137

The CVE-2025-54137 entry pertains to HAX CMS NodeJS. Affected versions are 11.0.9 and earlier, which were shipped with hardcoded default credentials for user and superuser accounts and default JWT private keys. Installation does not prompt for credential/secret changes, and there is no UI path to...

7.3CVSS7AI score0.00316EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/21 7:53 p.m.17 views

NodeJS version of the HAX CMS application is distributed with Default Secrets

Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...

7.3CVSS7.2AI score0.00316EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/07/21 7:53 p.m.21 views

GHSA-5FPV-5QVH-7CF3 NodeJS version of the HAX CMS application is distributed with Default Secrets

Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...

7.3CVSS6.4AI score0.00316EPSS
Exploits0References5
Rows per page
Query Builder