7 matches found
CVE-2026-46493
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
CVE-2026-48527
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...
PT-2026-47042
Name of the Vulnerable Software and Affected Versions: HAX CMS versions prior to 26.0.1. Description: The software uses the uniqid function for generating salts, which is unsuitable for security purposes as it does not provide sufficient randomness. Recommendations: Update to version 26.0.1...
CVE-2026-7065
Technical details are not publicly available in the provided documents. Monitor for updates.
OPENSUSE-SU-2026:10210-1 python311-pip-26.0.1-1.1 on GA media
These are all security issues fixed in the python311-pip-26.0.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2023-8430 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 26.0.0 through 26.0.1; Nextcloud Enterprise Server versions 26.0.0 through 26.0.1. Description: The issue is related to open redirect vulnerability in Nextcloud Server and Nextcloud Enterprise Server. An attacker could...
PT-2023-8428 · Nextcloud +1 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.6; Nextcloud Server versions prior to 26.0.1. Description: A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout...