| CVE-2026-46395 |
critical |
— |
9.5 |
|
|
|
11d ago |
HAXcms: Private Key Disclosure via Broken HMAC Implementation |
| CVE-2026-48527 |
high |
8.7 |
8.7 |
|
|
|
22h ago |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode… |
| CVE-2026-46511 |
high |
— |
8.0 |
|
|
|
11d ago |
HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack |
| CVE-2026-46396 |
high |
— |
8.0 |
|
|
|
11d ago |
Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover |
| CVE-2026-46393 |
high |
— |
8.0 |
|
|
|
11d ago |
HAXcms createSite SSRF Enables Arbitrary File Read |
| CVE-2026-46357 |
medium |
— |
5.5 |
|
|
|
11d ago |
HAX CMS: Denial of Service using Malicious Import Request |
| CVE-2026-46496 |
medium |
— |
5.5 |
|
|
|
11d ago |
HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft |