CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/19 1:58 a.m.•9 views

CVE-2026-8738

A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...

6.9CVSS5.3AI score0.00051EPSS

RedhatCVE•added 2026/05/18 7:58 p.m.•9 views

CVE-2026-8737

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...

6.9CVSS5.8AI score0.00075EPSS

RedhatCVE•added 2026/05/18 1:58 p.m.•5 views

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

NVD•added 2026/05/17 9:16 a.m.•5 views

CVE-2026-8740

6.5CVSS0.00046EPSS

NVD•added 2026/05/17 8:16 a.m.•7 views

CVE-2026-8739

6.9CVSS0.00037EPSS

NVD•added 2026/05/17 8:16 a.m.•8 views

CVE-2026-8738

6.9CVSS0.00051EPSS

ATTACKERKB•added 2026/05/17 8:0 a.m.•5 views

CVE-2026-8740

Exploits0References4Affected Software1

EUVD•added 2026/05/17 8:0 a.m.•5 views

EUVD-2026-30689

CVE•added 2026/05/17 8:0 a.m.•12 views

CVE-2026-8740

CVE-2026-8740 affects Sanluan PublicCMS 5.202506.d; the issue lies in TemplateResultDirective.java (TemplateResult API), where manipulating the templateContent argument during execution leads to improper neutralization of special template engine elements. This enables a remote attack, and exploit...

Cvelist•added 2026/05/17 8:0 a.m.•34 views

CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine

6.5CVSS0.00046EPSS

Vulnrichment•added 2026/05/17 8:0 a.m.•7 views

CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine

Cvelist•added 2026/05/17 7:45 a.m.•36 views

CVE-2026-8739 Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key

6.9CVSS0.00037EPSS

ATTACKERKB•added 2026/05/17 7:45 a.m.•8 views

CVE-2026-8739

Exploits0References4Affected Software1

EUVD•added 2026/05/17 7:45 a.m.•10 views

EUVD-2026-30687

Vulnrichment•added 2026/05/17 7:45 a.m.•9 views

CVE-2026-8739 Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key

CVE•added 2026/05/17 7:45 a.m.•13 views

CVE-2026-8739

Sanluan PublicCMS 5.202506.d is affected by CVE-2026-8739 in SafeConfigComponent.getSignKey. Manipulating the privatefile_key argument leads to use of a hard-coded cryptographic key, enabling a remote attack. The exploit is public and may be used; vendor contact about disclosure was unresponsive....

ATTACKERKB•added 2026/05/17 7:30 a.m.•5 views

CVE-2026-8738

6.9CVSS6.1AI score0.00051EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/17 7:30 a.m.•7 views

CVE-2026-8738 Sanluan PublicCMS Trade Payment Flow TradeOrderController.java AccountGatewayComponent.pay logic error

6.9CVSS6.1AI score0.00051EPSS

CVE•added 2026/05/17 7:30 a.m.•10 views

CVE-2026-8738

Sanluan PublicCMS 5.202506.d contains a vulnerability affecting the Trade payment flow. Specifically, the methods TradeOrderController.pay, TradePaymentController.pay, and AccountGatewayComponent.pay in the publiccms-trade module are affected, with the root cause described as a business logic man...

6.9CVSS6.1AI score0.00051EPSS