
5 matches found

RedhatCVE
added 2026/04/07 11:1 p.m. | 5 views

CVE-2026-35185

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

CVSS 8.7 | AI score 5.9 | EPSS 0.00355
Exploits: 1 | References: 1
EUVD
added 2026/04/06 7:24 p.m. | 9 views

EUVD-2026-19469

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

CVSS 8.7 | AI score 5.9 | EPSS 0.00355
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/06 7:24 p.m. | 3 views

CVE-2026-35185

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

CVSS 8.7 | AI score 5.9 | EPSS 0.00355
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/12/07 6:5 a.m. | 14 views

CVE-2025-12721

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /serverstatus REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the serv...

CVSS 5.3 | AI score 5.6 | EPSS 0.00239
Exploits: 0 | References: 1
OSV
added 2020/09/02 2:15 a.m. | 4 views

UBUNTU-CVE-2020-25073

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...

CVSS 5.3 | AI score 5.8 | EPSS 0.0214
Exploits: 1 | References: 3