haxtheweb
Web & CMS Pluginscommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting haxtheweb.
- CVE-2026-46357HAX CMS NodeJS application Vulnerable to Denial of Service using Malicious Import Request6.5
- CVE-2026-46493haxtheweb/haxcms-php uses insecure method for generating salt7.5
- CVE-2026-46397haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.06.5
- CVE-2026-46392HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation8.7
- CVE-2026-48527HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint8.7
- CVE-2026-35185HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses7.5
- CVE-2026-22704HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover8.0
- CVE-2025-54378HAX CMS Backend Lacks Comprehensive Authorization Checks8.3
- CVE-2025-54139HAX CMS' application pages are vulnerable to clickjacking4.3
- CVE-2025-54137NodeJS version of the HAX CMS application is distributed with Default Secrets7.3
- CVE-2025-54134HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service6.5
- CVE-2025-54129HAXiam allows for User Enumeration4.3
- CVE-2025-54128HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting6.1
- CVE-2025-54127HAXcms's Insecure Default Configuration Leads to Unauthenticated Access9.8
- CVE-2025-53642haxcms-nodejs and haxcms-php Improperly Terminate Sessions4.8