CVE-2025-54134 – HAX CMS NodeJs allows users to manage their micros

July 21, 2025

CVE ID : CVE-2025-54134

Published : July 21, 2025, 9:15 p.m. | 3 hours, 25 minutes ago

Description : HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53832 – Lara Translate MCP Server is a Model Context Proto

Next Article CVE-2025-54129 – HAXiam is a packaging wrapper for HAXcms which all

Highlights

CVE-2025-1055 – K7 Security Anti-Malware IOCTL Elevation of Privilege Vulnerability

June 10, 2025

CVE ID : CVE-2025-1055

Published : June 11, 2025, 12:15 a.m. | 1 hour, 35 minutes ago

Description : A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver’s IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-54134 – HAX CMS NodeJs allows users to manage their micros

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

Development Release: Elive 3.8.48 (Beta)

Microsoft Defender Spoofing Vulnerability Allows Privilege Escalation and AD Access

CVE-2025-6906 – Car Rental System SQL Injection Vulnerability

CVE-2025-1055 – K7 Security Anti-Malware IOCTL Elevation of Privilege Vulnerability

Wacom says its new drawing tablet needs no setup and has a pen that can’t die

This Week in Laravel: API Responses, Faster CSVs, and More

Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist

CVE-2025-54134 – HAX CMS NodeJs allows users to manage their micros

Related Posts