5 matches found
CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of <iframe> elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...
HAXCMS security vulnerability
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS from 25.0.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the haxcmsrefreshtoken cookie did not have the Secure flag set. This allowed the token to be...
CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...
UBUNTU-CVE-2026-49299
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...
Moby security vulnerability
Moby is an open source project designed to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby versions 26.0.0 and 26.0.1 that allows an attacker to enable IPv6 on an IPv4-only network...