haxtheweb — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting haxtheweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by haxtheweb: issues, HAXiam
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35185 | HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses | HAXiam | CWE-284 | 7.5 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-22704 | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover | issues | CWE-79 | 8.1 | High | 2026-01-10 |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks | issues | CWE-285 | 8.3 | High | 2025-07-26 |
| CVE-2025-54139 | HAX CMS' application pages are vulnerable to clickjacking | issues | CWE-1021 | 4.3 | Medium | 2025-07-22 |
| CVE-2025-54137 | NodeJS version of the HAX CMS application is distributed with Default Secrets | issues | CWE-1392 | 7.3 | High | 2025-07-22 |
| CVE-2025-54134 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service | issues | CWE-20 | 6.5 | - | 2025-07-21 |
| CVE-2025-54129 | HAXiam allows for User Enumeration | issues | CWE-204 | 4.3 | Medium | 2025-07-21 |
| CVE-2025-54128 | HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting | issues | CWE-79 | 6.1 | - | 2025-07-21 |
| CVE-2025-54127 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | issues | CWE-1188 | 7.1 | - | 2025-07-21 |
| CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | issues | CWE-613 | 4.8 | Medium | 2025-07-11 |
| CVE-2025-49141 | HaxCMS-PHP Command Injection Vulnerability | issues | CWE-78 | 8.6 | High | 2025-06-09 |
| CVE-2025-49139 | @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability | issues | CWE-1021 | 5.3 | Medium | 2025-06-09 |
| CVE-2025-49138 | HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter | issues | CWE-22 | 6.5 | Medium | 2025-06-09 |
| CVE-2025-49137 | Hax CMS Stored Cross-Site Scripting vulnerability | issues | CWE-79 | 8.5 | High | 2025-06-09 |
| CVE-2025-48996 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint | issues | CWE-201 | 5.3 | Medium | 2025-06-02 |
| CVE-2025-32028 | HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution | issues | CWE-434 | 10.0 | Critical | 2025-04-08 |

This page lists every published CVE security advisory associated with haxtheweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.