| CVE-2026-46395 |
critical |
— |
9.5 |
|
|
|
18d ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat… |
| CVE-2026-48527 |
high |
8.7 |
8.7 |
|
|
|
8d ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode… |
| CVE-2026-46511 |
high |
— |
8.0 |
|
|
|
18d ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSetti… |
| CVE-2026-46396 |
high |
— |
8.0 |
|
|
|
18d ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el… |
| CVE-2026-46393 |
high |
— |
8.0 |
|
|
|
18d ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch … |
| CVE-2026-46357 |
medium |
6.5 |
6.5 |
|
|
|
17d ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site crea… |
| CVE-2026-46496 |
medium |
— |
5.5 |
|
|
|
18d ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p… |
