VYPR

Haxiam

by Psu

CVEs (1)

  • CVE-2026-35185HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration…