3 matches found
EUVD-2025-16686
Malicious code in bioql PyPI...
GHSA-FVX2-X7FF-FC56 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
Summary An unauthenticated information disclosure vulnerability exists in the PSU deployment of HAX CMS via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues e.g., HAX-3...
CVE-2025-48996
CVE-2025-48996 describes an unauthenticated information disclosure in HAX open-apis used by PSU deployment of HAX CMS via the haxPsuUsage API endpoint. The vulnerability allows remote, unauthenticated users to enumerate a full list of PSU websites hosted on HAX CMS. The issue is associated with o...