21 matches found
PT-2026-41525
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefile key results in use of hard-coded...
CVE-2026-2010
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
CVE-2026-1112 Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization
A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController...
EUVD-2024-33680
Malicious code in bioql PyPI...
CVE-2024-40550
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-11175
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has be...
CVE-2024-11175
Public CMS 5.202406.d contains a cross-site scripting (XSS) vulnerability in the Voting Management module, caused by how /admin/cmsVote/save processes input. The issue is exploitable remotely and affects the Voting Management component. A patch is available: b9530b9cc1f5cfdad4b637874f59029a6283a6...
CVE-2024-11175 Public CMS Voting Management save cross site scripting
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has be...
CVE-2024-40550
CVE-2024-40550 concerns Public CMS v4.0.202302.e. Affected component: /admin/cmsTemplate/savePlaceMetaData. Root cause: arbitrary file upload vulnerability that allows uploading a crafted file to execute arbitrary code. Impact: high (CVE metrics show confidentiality, integrity, and availability i...
PT-2024-28915 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: Public CMS version 4.0.202302.e
Description: The issue is related to an arbitrary file upload vulnerability in the /admin/cmsTemplate/savePlaceMetaData component. This allows attackers to execute arbitrary code by uploading a crafted file...
PT-2023-30285 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e
Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. This is due to the deserialization of untrusted data.
Recommendations: For PublicCMS...
PT-2022-19828 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS versions 4.0.202204.a and below
Description: The issue is related to an information leak in the component /views/directive/sys/SysConfigDataDirective.java.
Recommendations: For PublicCMS versions 4.0.202204.a and below, consider...