High CVE-2026-46391 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[High] CVE-2026-46391 – HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in...

VERWANDTEARTIKEL

CVE-2026-46400 - HAXCMS PHP has a File Upload Validation Bypass

CVE-2026-45779 - Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise

CVE-2026-46398 - HAX CMS Missing Secure Flag on Cookie

CVE-2026-45758 - Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

CVE-2026-45777 - Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection

CVE-2026-45778 - Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset