62 matches found

RedhatCVE
added 2026/06/07 12:43 a.m. | 19 views

CVE-2026-46493

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

7.5 CVSS | 5.5 AI score | 0.00288 EPSS
Exploits 0 | References 1

NVD
added 2026/06/05 8:17 p.m. | 10 views

CVE-2026-46493

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

7.5 CVSS | 0.00288 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/06/05 7:19 p.m. | 5 views

CVE-2026-46493

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

7.5 CVSS | 5.4 AI score | 0.00288 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2026/06/05 7:19 p.m. | 30 views

CVE-2026-46493 haxtheweb/haxcms-php uses insecure method for generating salt

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

7.5 CVSS | 0.00288 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/06/05 7:19 p.m. | 7 views

CVE-2026-46493 haxtheweb/haxcms-php uses insecure method for generating salt

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

7.5 CVSS | 5.5 AI score | 0.00288 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/06/05 12:0 a.m. | 13 views

PT-2026-47042

Name of the Vulnerable Software and Affected Versions: HAX CMS versions prior to 26.0.1. Description: The software uses the uniqid function for generating salts, which is unsuitable for security purposes as it does not provide sufficient randomness. Recommendations: Update to version 26.0.1...

7.5 CVSS | 5.4 AI score | 0.00288 EPSS
Exploits 0 | References 5

CNNVD
added 2026/06/05 12:0 a.m. | 7 views

HAXCMS Security Feature Issue Vulnerability

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.1 had security-related vulnerabilities, which stemmed from the use of uniqid to generate salt values, making them unsuitable for secure purposes...

7.5 CVSS | 5.3 AI score | 0.00288 EPSS
Exploits 0 | References 4

CVE
added 2026/05/27 4:29 a.m. | 23 views

CVE-2026-6287

The CVE-2026-6287 entry concerns the ShopLentor — WooCommerce Builder for Elementor & Gutenberg WordPress plugin. Vulnerability: Stored Cross‑Site Scripting via the blockUniqId attribute in multiple Product Grid blocks (versions up to and including 3.3.8) caused by insufficient input sanitization...

5.4 CVSS | 6 AI score | 0.00197 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/05/26 8:14 p.m. | 16 views

CVE-2026-9421

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5 CVSS | 6.8 AI score | 0.00293 EPSS
Exploits 0 | References 1

NVD
added 2026/05/25 4:16 a.m. | 21 views

CVE-2026-9421

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5 CVSS | 0.00293 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/05/25 3:15 a.m. | 8 views

CVE-2026-9421

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5 CVSS | 5.5 AI score | 0.00293 EPSS
Exploits 0 | References 4

Cvelist
added 2026/05/25 3:15 a.m. | 39 views

CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5 CVSS | 0.00293 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/05/25 3:15 a.m. | 10 views

CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5 CVSS | 6.8 AI score | 0.00293 EPSS
Exploits 0 | References 3

CVE
added 2026/05/25 3:15 a.m. | 18 views

CVE-2026-9421

CVE-2026-9421 affects KLiK SocialMediaWebsite 1.0. The vulnerability lies in the uniqid function within the file upload.inc.php of the File Handler component, enabling unrestricted file upload. It can be exploited remotely, and public disclosure of the exploit is noted in the entry. No remediatio...

7.5 CVSS | 6.8 AI score | 0.00293 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/05/25 12:0 a.m. | 18 views

PT-2026-42999

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5 CVSS | 6.8 AI score | 0.00293 EPSS
Exploits 0 | References 3

CNNVD
added 2026/05/25 12:0 a.m. | 9 views

KLiK SocialMediaWebsite Code Issue Vulnerability

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A code issue vulnerability exists in version 1.0 of KLiK SocialMediaWebsite, which stems from the File Handler component's manipulation of the function uniqid in the file upload.inc.php,...

7.5 CVSS | 7.1 AI score | 0.00293 EPSS
Exploits 0 | References 4

Metasploit
added 2026/01/16 6:59 p.m. | 381 views

AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery

This module exploits an unauthenticated remote code execution (RCE) vulnerability in AVideo's notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an attacker ...

6.3 AI score
Exploits 0

RedhatCVE
added 2026/01/09 11:20 a.m. | 4 views

CVE-2021-22948

Vulnerability in the generation of session IDs in revive-adserver 5.3.0, based on the cryptographically insecure uniqid PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account...

7.1 CVSS | 6.8 AI score | 0.02627 EPSS
Exploits 1 | References 1

OSV
added 2025/12/23 8:15 p.m. | 3 views

CVE-2021-47720

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...

8.7 CVSS | 5.9 AI score | 0.003 EPSS
Exploits 1 | References 3

Vulnrichment
added 2025/12/23 7:34 p.m. | 3 views

CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...

8.7 CVSS | 7.6 AI score | 0.003 EPSS
Exploits 1 | References 3