Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/06/05 1:7 a.m.26 views

Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

Summary An unauthenticated information disclosure vulnerability exists in the PSU deployment of HAX CMS via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues e.g., HAX-3...

5.3CVSS6.8AI score0.00313EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/04 8:13 p.m.27 views

CVE-2025-48996

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

5.3CVSS7AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 7:24 p.m.62 views

CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

5.3CVSS0.00313EPSS
Exploits0References2
OSV
OSV
added 2025/06/02 7:24 p.m.21 views

CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

5.3CVSS6.1AI score0.00313EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.7 views

PT-2025-23555 · Hax · Hax Cms +1

Name of the Vulnerable Software and Affected Versions: HAX open-apis versions up to and including 10.0.2 Description: An unauthenticated information disclosure issue exists in the HAX content management system via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrie...

5.3CVSS6.3AI score0.00313EPSS
Exploits0References9
Rows per page
Query Builder