CVE ID :CVE-2026-46391 Published : June 5, 2026, 7:16 p.m. | 1 hour, 58 minutes ago Description :HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-46391 - HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis

VERWANDTEARTIKEL

[High] CVE-2026-11416 – MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclo...

[High] CVE-2026-11424 – A server-side request forgery (SSRF) vulnerability exists in a GraphQL service c...

[Critical] CVE-2026-11429 – A path traversal vulnerability exists in the Git Service component shared by Alt...

[High] CVE-2026-11431 – A path traversal vulnerability exists in the Projects Service download endpoint ...

CVE-2026-11416 - MoviePilot Path Traversal via Cloud Storage Download Handlers

CVE-2026-11424 - Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure