|
231
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-46400
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
232
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after …
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-46401
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
233
|
7.5 |
HIGH
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.
New
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-46493
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
234
|
7.1 |
HIGH
Adjacent
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension …
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-8874
|
2026-06-6 05:47 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
235
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no …
New
|
NVD-CWE-noinfo
|
CVE-2026-8881
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
236
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…
New
|
CWE-917
CWE-1333
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Inefficient Regular Expression Complexity
|
CVE-2026-8888
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
237
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
New
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-8889
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
238
|
8.2 |
HIGH
Network
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-37234
|
2026-06-6 05:42 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
239
|
7.8 |
HIGH
Local
|
trustedfirmware
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior …
Update
|
CWE-416
Use After Free
|
CVE-2026-40290
|
2026-06-6 05:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
240
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p…
New
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-46496
|
2026-06-6 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
