Name of the Vulnerable Software and Affected Versions: HAX CMS NodeJS versions 11.0.9 and below
Description: HAX CMS NodeJS is distributed with hardcoded default credentials for user and superuser acc ...
July 28, 2025
Name of the Vulnerable Software and Affected Versions: Chaindesk versions through 2025-05-26
Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the agent chat component. An attac ...
July 28, 2025
Name of the Vulnerable Software and Affected Versions: AIBOX LLM chat versions through 2025-05-27
Description: A reflected cross-site scripting (XSS) issue exists, potentially allowing attackers to hi ...
July 28, 2025
Name of the Vulnerable Software and Affected Versions: HCL IEM (affected versions not specified)
Description: HCL IEM is susceptible to an issue involving improper invalidation of access or JWT (JSON ...
July 28, 2025
Name of the Vulnerable Software and Affected Versions: CapillaryScope version 2.5.0
Description: The software lacks sensitive data encryption, storing proxy credentials and the JWT session token in pl ...
July 28, 2025
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which may allow attackers to access sensitive data without...
July 28, 2025
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Window ...
July 28, 2025
Summary: The HAX CMS API endpoints do not perform authorization checks when interacting with a resource. Both the JS and PHP versions of the CMS do not verify that a user has permission to interact wit ...
July 27, 2025