5 matches found
CVE-2026-35185
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...
EUVD-2026-19469
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...
PT-2026-30720
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens user token, user activity, client IP addresses, and server configuration details. This allows...
CVE-2026-1694
PcVue is affected by CVE-2026-1694 in versions 12.0.0–16.3.3, where the default IIS/ASP.NET configuration adds HTTP headers that are not removed during deployment, potentially exposing server configuration details. The vulnerability is a server-information disclosure due to exposed HTTP headers a...
CVE-2021-41385
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 1842950302 allows an authenticated user to obtain access to server configuration details via SSRF...