Vulnerabilities in haxtheweb

33 results
CVE-2025-32028 | CRITICAL | HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution | EPSS 1.6%
CVE-2025-49141 | HIGH | HaxCMS-PHP Command Injection Vulnerability | EPSS 1.5%
CVE-2026-22704 | HIGH | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover | EPSS 1.0%
CVE-2026-46394 | HIGH | HAX CMS Vulnerable to Command Injection using Git.php | EPSS 0.8%
CVE-2026-46391 | HIGH | HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis | EPSS 0.5%
CVE-2025-54378 | HIGH | HAX CMS Backend Lacks Comprehensive Authorization Checks | EPSS 0.4%
CVE-2025-49138 | MEDIUM | HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter | EPSS 0.4%
CVE-2025-54127 | CRITICAL | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | EPSS 0.4%
CVE-2025-54134 | HIGH | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service | EPSS 0.4%
CVE-2026-46400 | HIGH | HAXCMS PHP has a File Upload Validation Bypass | EPSS 0.4%
CVE-2026-35185 | HIGH | HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses | EPSS 0.4%
CVE-2025-49139 | MEDIUM | @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability | EPSS 0.3%
CVE-2025-54137 | HIGH | NodeJS version of the HAX CMS application is distributed with Default Secrets | EPSS 0.3%
CVE-2025-48996 | MEDIUM | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint | EPSS 0.3%
CVE-2026-46401 | MEDIUM | HAX CMS PHP has Insufficient Session Expiration | EPSS 0.3%
CVE-2025-54139 | MEDIUM | HAX CMS' application pages are vulnerable to clickjacking | EPSS 0.3%
CVE-2026-46395 | CRITICAL | HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation | EPSS 0.3%
CVE-2026-46399 | CRITICAL | Authenticated Remote Code Execution via File Overwrite | EPSS 0.3%
CVE-2026-46397 | MEDIUM | haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0 | EPSS 0.3%
CVE-2026-46493 | HIGH | haxtheweb/haxcms-php uses insecure method for generating salt | EPSS 0.3%