CVE-2026-8737
Sanluan PublicCMS 5.202506.d contains a vulnerability in the Trade Address Query Handler component. The issue is in publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java, where manipulating the arguments userId/id can bypass authentication. The flaw allo...