Every CVE whose affected-product data names Psu Haxcms-php, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-32028 — CVSS 9.9 (critical): HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP…
CVE-2025-49137 — CVSS 8.5 (high): HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not…
CVE-2025-49141 — CVSS 8.5 (high): HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality…
CVE-2025-54378 — CVSS 8.3 (high): HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and…
CVE-2025-49138 — CVSS 6.5 (medium): HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File…
CVE-2025-49139 — CVSS 5.3 (medium): HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can…
CVE-2025-53642 — CVSS 4.8 (medium): haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or…
CVE-2025-54139 — CVSS 4.3 (medium): HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in…