|
2341
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set without the Secure flag. This allow…
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-46398
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2342
|
7.5 |
HIGH
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-46493
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2343
|
7.1 |
HIGH
Adjacent
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-8874
|
2026-06-6 05:47 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2344
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no …
|
NVD-CWE-noinfo
|
CVE-2026-8881
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2345
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…
|
CWE-917
CWE-1333
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Inefficient Regular Expression Complexity
|
CVE-2026-8888
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2346
|
8.2 |
HIGH
Network
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-37234
|
2026-06-6 05:42 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2347
|
7.8 |
HIGH
Local
|
trustedfirmware
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior …
|
CWE-416
Use After Free
|
CVE-2026-40290
|
2026-06-6 05:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2348
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-46496
|
2026-06-6 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2349
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat…
|
CWE-200
CWE-321
CWE-327
Information Exposure
Use of Hard-coded Cryptographic Key
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-46395
|
2026-06-6 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2350
|
8.7 |
HIGH
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the file…
|
CWE-178
CWE-434
Improper Handling of Case Sensitivity
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-46392
|
2026-06-6 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
