CVE-2026-46357

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire...

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

EUVD-2026-34886

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

PT-2026-47042

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

Malicious code in s4-node-test-backend (npm)

The package s4-node-test-backend was found to contain malicious code...

cucumber-html-reporter-common-functions (>=1.0.24 <=1.0.32), cucumber-report-generator (=1.0.3) +10 more potentially affected by CVE-2017-16077 via mongose (=0.0.2-security)

mongose NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on mongose and may be impacted: - cucumber-html-reporter-common-functions =1.0.24, =1.0.0, =1.0.7, =1.0.58, =1.0.12, =1.0.17, =1.1.11 - owltech =1.0.0 - reports-server...