CVE 9.3 CRITICAL HAX CMS has a stored XSS via that allows access to sensitive client-side data and account takeover_CVE-2026-46396</h1> <div class="entry-meta"> <span class="meta-date"> <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="4" width="18" height="18" rx="2"/><path d="M16 2v4M8 2v4M3 10h18"/></svg> June 5, 2026 </span> <span class="meta-author"> <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/><circle cx="12" cy="7" r="4"/></svg> invoker </span> <span class="meta-category"> <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"/></svg> category_cve </span> </div> </header> <div class="entry-content"> <div class="security-detail"> <!-- CVSS Hero --> <div class="cvss-hero cvss-hero--critical"> <div class="cvss-hero-score"> <span class="cvss-number">9.3</span> <span class="cvss-max">/ 10</span> </div> <div class="cvss-hero-info"> <span class="cvss-severity-label">CRITICAL</span> <div class="cvss-vector-row"> <code>CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N</code> <button class="copy-btn copy-btn--small" onclick="SecurityNews.copyToClipboard('CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N')" title="Copy vector"> <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="9" y="9" width="13" height="13" rx="2"/><path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/></svg> </button> </div> </div> </div> <!-- Description --> <section class="detail-block"> <h3 class="detail-block-title">Description</h3> <div class="detail-block-body description-text"> HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of <iframe> elements. The application allows `javascript:` URIs in the `src` attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the context of the victimβs browser and access sensitive data exposed to client-side scripts. Version 26.0.0 fixes the issue. </div> </section> <!-- AI Analysis --> <section class="detail-block detail-block--ai"> <h3 class="detail-block-title"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 2a4 4 0 0 0-4 4v2H6a2 2 0 0 0-2 2v10a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V10a2 2 0 0 0-2-2h-2V6a4 4 0 0 0-4-4z"/></svg> AI Analysis </h3> <div class="detail-block-body"> <p>Stored cross-site scripting (XSS) vulnerability due to improper sanitization of iframe elements, allowing attackers to execute arbitrary JavaScript and access sensitive client-side data.</p> </div> </section> <!-- Direct Link --> <!-- Info Grid --> <div class="detail-grid"> <!-- Basic Information --> <section class="detail-card"> <h4 class="detail-card-title"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4M12 8h.01"/></svg> Basic Information </h4> <div class="info-row"> <span class="info-label">ID</span> <span class="info-value mono">CVE-2026-46396</span> </div> <div class="info-row"> <span class="info-label">Source</span> <span class="info-value">GitHub_M</span> </div> <div class="info-row"> <span class="info-label">Published</span> <span class="info-value">Jun 5, 2026 at 18:44</span> </div> </section> <!-- Affected Product --> <section class="detail-card"> <h4 class="detail-card-title"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="3" width="20" height="14" rx="2"/><path d="M8 21h8M12 17v4"/></svg> Affected Product </h4> <div class="info-row"> <span class="info-label">Vendor</span> <span class="info-value">haxtheweb</span> </div> <div class="info-row"> <span class="info-label">Product</span> <span class="info-value">haxcms-nodejs</span> </div> <div class="info-row"> <span class="info-label">Version</span> <span class="info-value mono">< 26.0.0</span> </div> <div class="info-row info-row--stacked"> <span class="info-label">Affected Versions</span> <span class="info-value info-value--list">haxtheweb haxcms-nodejs < 26.0.0<br /> haxtheweb video-player < 26.0.0<br /> haxtheweb iframe-loader < 26.0.0</span> </div> </section> <!-- CWE --> <section class="detail-card"> <h4 class="detail-card-title"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> CWE Classification </h4> <div class="cwe-chips"> <a href="https://cwe.mitre.org/data/definitions/79.html" target="_blank" rel="noopener" class="cwe-chip">CWE-79</a> </div> </section> <!-- AI Scores --> <section class="detail-card detail-card--ai"> <h4 class="detail-card-title"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 2a4 4 0 0 0-4 4v2H6a2 2 0 0 0-2 2v10a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V10a2 2 0 0 0-2-2h-2V6a4 4 0 0 0-4-4z"/></svg> AI Assessment </h4> <div class="info-row"> <span class="info-label">AI Score</span> <span class="info-value"><strong>9.3</strong> / 10</span> </div> <div class="info-row"> <span class="info-label">AI Severity</span> <span class="info-value">Critical</span> </div> <div class="info-row"> <span class="info-label">Vendor</span> <span class="info-value">haxtheweb</span> </div> <div class="info-row"> <span class="info-label">Product</span> <span class="info-value">HAX CMS</span> </div> <div class="info-row"> <span class="info-label">Version</span> <span class="info-value mono">< 26.0.0</span> </div> </section> </div> <!-- References --> <section class="detail-block"> <h3 class="detail-block-title">References</h3> <ul class="reference-list"> <li> <a href="https://github.com/haxtheweb/issues/security/advisories/GHSA-jh3h-rpxg-fr36" target="_blank" rel="noopener noreferrer" class="ref-link"> <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6"/><polyline points="15 3 21 3 21 9"/><line x1="10" y1="14" x2="21" y2="3"/></svg> <span class="ref-host">github.com</span> <span class="ref-path">/haxtheweb/issues/security/advisories/GHSA-jh3h-rpxg-fr36</span> </a> </li> </ul> </section> <!-- Raw JSON Drawer --> <div class="json-drawer"> <button class="json-drawer-toggle" type="button" aria-expanded="false"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/></svg> <span class="drawer-title">Raw JSON Data</span> <svg class="drawer-arrow" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="m6 9 6 6 6-6"/></svg> </button> <div class="json-drawer-content" style="display: none;"> <div class="json-toolbar"> <button class="copy-btn" onclick="SecurityNews.copyToClipboard("{\"lastseen\":\"\",\"description\":\"HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of <iframe> elements. The application allows `javascript:` URIs in the `src` attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the context of the victim\\u2019s browser and access sensitive data exposed to client-side scripts. Version 26.0.0 fixes the issue.\",\"published\":\"2026-06-05T18:44:28.997Z\",\"modified\":\"2026-06-05T18:44:28.997Z\",\"type\":\"cve\",\"title\":\"HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover\",\"source\":\"GitHub_M\",\"references\":\"https:\\\/\\\/github.com\\\/haxtheweb\\\/issues\\\/security\\\/advisories\\\/GHSA-jh3h-rpxg-fr36\",\"id\":\"CVE-2026-46396\",\"bulletinFamily\":\"\",\"cwe\":[\"CWE-79\"],\"cvelist\":null,\"sourceData\":\"haxtheweb haxcms-nodejs < 26.0.0\\nhaxtheweb video-player < 26.0.0\\nhaxtheweb iframe-loader < 26.0.0\",\"sourceHref\":\"\",\"cvss\":{\"score\":9.3,\"severity\":\"CRITICAL\",\"vector\":\"CVSS:4.0\\\/AV:N\\\/AC:L\\\/AT:N\\\/PR:L\\\/UI:P\\\/VC:H\\\/VI:H\\\/VA:N\\\/SC:H\\\/SI:H\\\/SA:N\",\"version\":\"4.0\"},\"cvss2\":[],\"cvss3\":{\"version\":\"\",\"vectorString\":\"\",\"baseScore\":0,\"baseSeverity\":\"\",\"attackVector\":\"\",\"attackComplexity\":\"\",\"privilegesRequired\":\"\",\"userInteraction\":\"\",\"scope\":\"\",\"confidentialityImpact\":\"\",\"integrityImpact\":\"\",\"availabilityImpact\":\"\",\"cvssV3\":{\"version\":\"\",\"vectorString\":\"\",\"baseScore\":0,\"baseSeverity\":\"\",\"attackVector\":\"\",\"attackComplexity\":\"\",\"privilegesRequired\":\"\",\"userInteraction\":\"\",\"scope\":\"\",\"confidentialityImpact\":\"\",\"integrityImpact\":\"\",\"availabilityImpact\":\"\"}},\"href\":\"\",\"category_name\":\"CVE\",\"post_link\":\"\",\"product\":\"haxcms-nodejs\",\"version\":\"< 26.0.0\",\"vendor\":\"haxtheweb\",\"ai_description\":\"Stored cross-site scripting (XSS) vulnerability due to improper sanitization of iframe elements, allowing attackers to execute arbitrary JavaScript and access sensitive client-side data.\",\"ai_severity\":\"Critical\",\"ai_vendor\":\"haxtheweb\",\"ai_product\":\"HAX CMS\",\"ai_version\":\"< 26.0.0\",\"ai_score\":9.3}")"> <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="9" y="9" width="13" height="13" rx="2"/><path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/></svg> Copy JSON </button> </div> <pre class="json-content" data-raw-json="{ "lastseen": "", "description": "HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of <iframe> elements. The application allows `javascript:` URIs in the `src` attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the context of the victim\u2019s browser and access sensitive data exposed to client-side scripts. Version 26.0.0 fixes the issue.", "published": "2026-06-05T18:44:28.997Z", "modified": "2026-06-05T18:44:28.997Z", "type": "cve", "title": "HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover", "source": "GitHub_M", "references": "https://github.com/haxtheweb/issues/security/advisories/GHSA-jh3h-rpxg-fr36", "id": "CVE-2026-46396", "bulletinFamily": "", "cwe": [ "CWE-79" ], "cvelist": null, "sourceData": "haxtheweb haxcms-nodejs < 26.0.0\nhaxtheweb video-player < 26.0.0\nhaxtheweb iframe-loader < 26.0.0", "sourceHref": "", "cvss": { "score": 9.3, "severity": "CRITICAL", "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "version": "4.0" }, "cvss2": [], "cvss3": { "version": "", "vectorString": "", "baseScore": 0, "baseSeverity": "", "attackVector": "", "attackComplexity": "", "privilegesRequired": "", "userInteraction": "", "scope": "", "confidentialityImpact": "", "integrityImpact": "", "availabilityImpact": "", "cvssV3": { "version": "", "vectorString": "", "baseScore": 0, "baseSeverity": "", "attackVector": "", "attackComplexity": "", "privilegesRequired": "", "userInteraction": "", "scope": "", "confidentialityImpact": "", "integrityImpact": "", "availabilityImpact": "" } }, "href": "", "category_name": "CVE", "post_link": "", "product": "haxcms-nodejs", "version": "< 26.0.0", "vendor": "haxtheweb", "ai_description": "Stored cross-site scripting (XSS) vulnerability due to improper sanitization of iframe elements, allowing attackers to execute arbitrary JavaScript and access sensitive client-side data.", "ai_severity": "Critical", "ai_vendor": "haxtheweb", "ai_product": "HAX CMS", "ai_version": "< 26.0.0", "ai_score": 9.3 }">{ "lastseen": "", "description": "HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of <iframe> elements. The application allows `javascript:` URIs in the `src` attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the context of the victim\u2019s browser and access sensitive data exposed to client-side scripts. Version 26.0.0 fixes the issue.", "published": "2026-06-05T18:44:28.997Z", "modified": "2026-06-05T18:44:28.997Z", "type": "cve", "title": "HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover", "source": "GitHub_M", "references": "https://github.com/haxtheweb/issues/security/advisories/GHSA-jh3h-rpxg-fr36", "id": "CVE-2026-46396", "bulletinFamily": "", "cwe": [ "CWE-79" ], "cvelist": null, "sourceData": "haxtheweb haxcms-nodejs < 26.0.0\nhaxtheweb video-player < 26.0.0\nhaxtheweb iframe-loader < 26.0.0", "sourceHref": "", "cvss": { "score": 9.3, "severity": "CRITICAL", "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "version": "4.0" }, "cvss2": [], "cvss3": { "version": "", "vectorString": "", "baseScore": 0, "baseSeverity": "", "attackVector": "", "attackComplexity": "", "privilegesRequired": "", "userInteraction": "", "scope": "", "confidentialityImpact": "", "integrityImpact": "", "availabilityImpact": "", "cvssV3": { "version": "", "vectorString": "", "baseScore": 0, "baseSeverity": "", "attackVector": "", "attackComplexity": "", "privilegesRequired": "", "userInteraction": "", "scope": "", "confidentialityImpact": "", "integrityImpact": "", "availabilityImpact": "" } }, "href": "", "category_name": "CVE", "post_link": "", "product": "haxcms-nodejs", "version": "< 26.0.0", "vendor": "haxtheweb", "ai_description": "Stored cross-site scripting (XSS) vulnerability due to improper sanitization of iframe elements, allowing attackers to execute arbitrary JavaScript and access sensitive client-side data.", "ai_severity": "Critical", "ai_vendor": "haxtheweb", "ai_product": "HAX CMS", "ai_version": "< 26.0.0", "ai_score": 9.3 }</pre> </div> </div> </div> </div> <footer class="entry-footer"> <div class="entry-tags"><span class="tags-label">Tags</span><div class="tag-list"><a href="https://zero.redgem.net/?tag=critical" rel="tag">CRITICAL</a><a href="https://zero.redgem.net/?tag=cve" rel="tag">CVE</a><a href="https://zero.redgem.net/?tag=cvss" rel="tag">CVSS</a><a href="https://zero.redgem.net/?tag=cvss-9.3" rel="tag">CVSS-9.3</a><a href="https://zero.redgem.net/?tag=exploit" rel="tag">exploit</a><a href="https://zero.redgem.net/?tag=news" rel="tag">news</a><a href="https://zero.redgem.net/?tag=security" rel="tag">Security</a><a href="https://zero.redgem.net/?tag=tapic" rel="tag">tapic</a><a href="https://zero.redgem.net/?tag=vulnerability" rel="tag">Vulnerability</a></div></div> <div class="post-navigation"> <div class="post-nav-grid"> <a href="https://zero.redgem.net/?p=60227" class="post-nav-link post-nav-prev"> <span class="post-nav-dir"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="m15 18-6-6 6-6"/></svg> Previous </span> <span class="post-nav-title">HAX CMS Vulnerable to Private Key Disclosure via...</span> </a> <a href="https://zero.redgem.net/?p=60229" class="post-nav-link post-nav-next"> <span class="post-nav-dir"> Next <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="m9 18 6-6-6-6"/></svg> </span> <span class="post-nav-title">Authenticated Remote Code Execution via File Overwrite_CVE-2026-46399</span> </a> </div> </div> </footer> <!-- RedGem CTA --> <aside class="redgem-cta-card"> <div class="cta-inner"> <div class="cta-text"> <h3>Stay Protected with RedGem</h3> <p>AI-powered attack surface monitoring, dark web intelligence, and vulnerability scanning in one platform.</p> </div> <div class="cta-actions"> <a href="https://www.redgem.net" class="btn-primary" target="_blank" rel="noopener">Start Free Trial</a> <a href="https://www.redgem.net/demo" class="btn-secondary" target="_blank" rel="noopener">Request Demo</a> </div> </div> </aside> </article> <div id="comments" class="comments-area"> <div id="respond" class="comment-respond"> <h3 id="reply-title" class="comment-reply-title">π Join the Security Discussion <small><a rel="nofollow" id="cancel-comment-reply-link" href="/?p=60228#respond" style="display:none;">β Cancel Reply</a></small></h3><form action="https://zero.redgem.net/wp-comments-post.php" method="post" id="commentform" class="comment-form security-comment-form"><div class="comment-notes"> <p>π Your email address will not be published. Required fields are marked <span class="required">*</span></p> <p>β οΈ Please be respectful and constructive in your comments. Security discussions should remain professional.</p> </div><div class="comment-form-comment"> <label for="comment">π¬ Your Comment <span class="required">*</span></label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required" placeholder="Share your thoughts on this security advisory..."></textarea> </div><div class="comment-form-author"> <label for="author">π€ Name </label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" /> </div> <div class="comment-form-email"> <label for="email">π§ Email </label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" /> </div> <div class="comment-form-url"> <label for="url">π Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200" /> </div> <p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes" /> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time I comment.</label></p> <div class="g-recaptcha" style="transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: 0 0; -webkit-transform-origin: 0 0;" data-sitekey="6LejfrMsAAAAAMk9PFMJ2LRof2S86gzzKEJO8mZX"></div><script src='https://www.google.com/recaptcha/api.js?ver=1.34' id='wpcaptcha-recaptcha-js'></script><p class="form-submit"><input name="submit" type="submit" id="submit" class="submit-comment-btn" value="π€ Post Comment" /> <input type='hidden' name='comment_post_ID' value='60228' id='comment_post_ID' /> <input type='hidden' name='comment_parent' id='comment_parent' value='0' /> </p></form> </div><!-- #respond --> </div> </div> </div> </main><!-- #primary --> </div><!-- #content --> <footer id="colophon" class="site-footer"> <div class="footer-accent"></div> <div class="container"> <div class="footer-top"> <div class="footer-brand"> <div class="footer-logo"> <img src="https://www.redgem.net/logo.png" alt="zero redgem" width="100" height="80" class="footer-logo-img" /> </div> <p class="footer-tagline">Your trusted source for security vulnerabilities, exploits, and CVE intelligence. Part of the RedGem security platform.</p> <div class="footer-social"> <a href="#" aria-label="Twitter" title="Follow us on Twitter"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg> </a> <a href="#" aria-label="GitHub" title="View on GitHub"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23A11.509 11.509 0 0112 5.803c1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576C20.566 21.797 24 17.3 24 12c0-6.627-5.373-12-12-12z"/></svg> </a> <a href="https://zero.redgem.net/?feed=rss2" aria-label="RSS Feed" title="RSS Feed"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 11a9 9 0 0 1 9 9"/><path d="M4 4a16 16 0 0 1 16 16"/><circle cx="5" cy="19" r="1"/></svg> </a> </div> </div> <div class="footer-links-grid"> <div class="footer-section"> <h4>Quick Links</h4> <ul> <li><a href="https://zero.redgem.net/">Home</a></li> <li><a href="https://zero.redgem.net/?s=">Search</a></li> </ul> </div> <div class="footer-section"> <h4>RedGem Platform</h4> <ul> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Main Platform</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Asset Discovery</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Leakage Detection</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Vulnerability Scanners</a></li> </ul> </div> <div class="footer-section"> <h4>Security Resources</h4> <ul> <li><a href="https://cve.mitre.org/" target="_blank" rel="noopener">CVE Database</a></li> <li><a href="https://nvd.nist.gov/" target="_blank" rel="noopener">NVD</a></li> <li><a href="https://www.exploit-db.com/" target="_blank" rel="noopener">Exploit-DB</a></li> <li><a href="https://www.securityfocus.com/" target="_blank" rel="noopener">SecurityFocus</a></li> </ul> </div> </div> </div> <div class="footer-bottom"> <div class="footer-info"> <p>© 2026 zero redgem. All rights reserved.</p> <p>Powered by <a href="https://wordpress.org/" target="_blank" rel="noopener">WordPress</a> · RedGem Security Theme</p> </div> <div class="footer-badges"> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> Secured </span> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg> Verified Data </span> </div> </div> </div> </footer> </div><!-- #page --> <script id="security-news-script-js-extra"> var securityNewsAjax = {"ajaxurl":"//zero.redgem.net/wp-admin/admin-ajax.php","nonce":"3c802768c6"}; //# sourceURL=security-news-script-js-extra </script> <script src="https://zero.redgem.net/wp-content/themes/security-news/js/theme.js?ver=2.14.0" id="security-news-script-js"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://zero.redgem.net/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}} </script> <script type="module"> /*! This file is auto-generated */ const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://zero.redgem.net/wp-includes/js/wp-emoji-loader.min.js </script> </body> </html>
