5.3
CVE-2025-49139 - @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visitedβ¦
6.5
CVE-2025-49138 - HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location fieldβ¦
5.3
CVE-2025-5897 - vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression compβ¦
8.5
CVE-2025-49137 - Hax CMS Stored Cross-Site Scripting vulnerability
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in thβ¦
5.3
CVE-2025-5896 - tarojs taro index.js redos
A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Uβ¦
7.5
CVE-2025-49004 - Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE
Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loadedβ¦
5.3
CVE-2025-5895 - Metabase dom.js parseDataUri redos
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit hβ¦
5.3
CVE-2025-5892 - RocketChat parseMessage.js parseMessage redos
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complexβ¦
0.0
CVE-2025-5951 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.3
CVE-2025-5891 - Unitech pm2 Config.js redos
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the β¦