Every CVE whose affected-product data names Psu Haxcms-nodejs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2025-54127 — CVSS 9.8 (critical): HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS…
CVE-2025-49137 — CVSS 8.5 (high): HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not…
CVE-2025-49141 — CVSS 8.5 (high): HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality…
CVE-2025-54378 — CVSS 8.3 (high): HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and…
CVE-2026-22704 — CVSS 8.0 (high): HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored…
CVE-2025-54137 — CVSS 7.3 (high): HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with…
CVE-2025-54134 — CVSS 6.5 (medium): HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS…
CVE-2025-54128 — CVSS 6.1 (medium): HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of…
CVE-2025-49139 — CVSS 5.3 (medium): HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can…
CVE-2025-53642 — CVSS 4.8 (medium): haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or…
CVE-2025-54139 — CVSS 4.3 (medium): HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in…