| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24687 | Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac | umbraco | Umbraco.Forms.Issues | - | - | 2026-01-29 19:57:24 | Deep Dive |
| CVE-2026-22704 | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover | haxtheweb | issues | High | 8.0 | 2026-01-10 06:22:45 | Deep Dive |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks | haxtheweb | issues | High | 8.3 | 2025-07-26 03:27:34 | Deep Dive |
| CVE-2025-54139 | HAX CMS' application pages are vulnerable to clickjacking | haxtheweb | issues | Medium | 4.3 | 2025-07-22 23:24:13 | Deep Dive |
| CVE-2025-54137 | NodeJS version of the HAX CMS application is distributed with Default Secrets | haxtheweb | issues | High | 7.3 | 2025-07-22 21:34:20 | Deep Dive |
| CVE-2025-54134 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service | haxtheweb | issues | Medium | - | 2025-07-21 20:58:36 | Deep Dive |
| CVE-2025-54129 | HAXiam allows for User Enumeration | haxtheweb | issues | Medium | 4.3 | 2025-07-21 20:53:27 | Deep Dive |
| CVE-2025-54128 | HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting | haxtheweb | issues | High | - | 2025-07-21 20:46:32 | Deep Dive |
| CVE-2025-54127 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | haxtheweb | issues | Critical | - | 2025-07-21 20:36:44 | Deep Dive |
| CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | haxtheweb | issues | Medium | 4.8 | 2025-07-11 17:33:06 | Deep Dive |
| CVE-2025-49141 | HaxCMS-PHP Command Injection Vulnerability | haxtheweb | issues | High | 8.5 | 2025-06-09 21:11:09 | Deep Dive |
| CVE-2025-49139 | @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability | haxtheweb | issues | Medium | 5.3 | 2025-06-09 21:08:44 | Deep Dive |
| CVE-2025-49138 | HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter | haxtheweb | issues | Medium | 6.5 | 2025-06-09 21:05:23 | Deep Dive |
| CVE-2025-49137 | Hax CMS Stored Cross-Site Scripting vulnerability | haxtheweb | issues | High | 8.5 | 2025-06-09 21:00:16 | Deep Dive |
| CVE-2025-48996 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint | haxtheweb | issues | Medium | 5.3 | 2025-06-02 19:24:45 | Deep Dive |
| CVE-2025-47280 | Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow | umbraco | Umbraco.Forms.Issues | - | - | 2025-05-13 17:06:57 | Deep Dive |
| CVE-2025-32028 | HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution | haxtheweb | issues | Critical | 9.9 | 2025-04-08 16:06:34 | Deep Dive |
| CVE-2025-23041 | Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms | umbraco | Umbraco.Forms.Issues | Medium | 5.8 | 2025-01-14 18:54:45 | Deep Dive |
| CVE-2024-35240 | Stored Cross-site Scripting on Print Functionality in Umbraco Commerce | umbraco | Umbraco.Commerce.Issues | Medium | 5.4 | 2024-05-28 20:15:32 | Deep Dive |
| CVE-2024-35239 | Stored Cross-site Scripting on Components of Umbraco Forms | umbraco | Umbraco.Forms.Issues | Low | 2.7 | 2024-05-28 20:15:29 | Deep Dive |