22 matches found
CVE-2026-8739
Sanluan PublicCMS 5.202506.d is affected by CVE-2026-8739 in SafeConfigComponent.getSignKey. Manipulating the privatefile_key argument leads to use of a hard-coded cryptographic key, enabling a remote attack. The exploit is public and may be used; vendor contact about disclosure was unresponsive....
PublicCMS Encryption Issue Vulnerability
PublicCMS is an open-source content management system (CMS) developed in Java by the Chinese company PublicCMS. PublicCMS version 5.202506.d contains a security vulnerability related to encryption. This vulnerability stems from the getSignKey function in the...
PT-2026-41524
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...
PT-2026-3381
Name of the Vulnerable Software and Affected Versions: Sanluan PublicCMS versions up to 5.202506.d Description: A flaw exists in Sanluan PublicCMS that allows for improper authorization. This issue is related to the delete function within the file...
CVE-2025-65838
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross-Site Request Forgery (CSRF) in the CkEditorAdminController...
PT-2025-48542
Name of the Vulnerable Software and Affected Versions: PublicCMS version 5.202506.b Description: PublicCMS version 5.202506.b is susceptible to a Server-Side Request Forgery (SSRF) condition. This issue is located within the chat interface of the SimpleAiAdminController. SSRF occurs when an applicati...
PT-2025-48548
Name of the Vulnerable Software and Affected Versions: PublicCMS version 5.202506.b Description: PublicCMS version 5.202506.b is susceptible to a Cross-Site Request Forgery (CSRF) issue within the CkEditorAdminController. This allows an attacker to potentially perform actions on behalf of an...
EUVD-2018-9122
Malware in sbrugna...
EUVD-2020-13694
Malware in sbrugna...
EUVD-2022-34105
Malicious code in bioql PyPI...
CVE-2024-40544
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/maintenancesysTask/edit...
CVE-2024-40552
PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java...
CVE-2024-46410
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature...
PT-2024-31983 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202406.d Description: A cross-site scripting (XSS) issue was discovered in PublicCMS via a crafted script to the Category Management feature. This allows for potential exploitation. Recommendations: For PublicCMS version...
CVE-2024-42523
PublicCMS V4.0.202302.e and earlier is vulnerable to arbitrary file upload via publiccms/admin/cmsTemplate/saveMetaData...
CVE-2024-40547
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace...
PublicCMS Security Vulnerability
PublicCMS is an open-source content management system (CMS) written in Java by the Chinese company PublicCMS. A cross-site scripting vulnerability exists in PublicCMS v4.0. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...