PT-2026-3380

Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions prior to 5.202506.d Description A flaw exists in Sanluan PublicCMS that allows for path traversal. This issue stems from manipulation of the path argument within the Save function located in the file...

CVE-2025-15148 CmsEasy Backend Template Management template_admin.php savetemp_action code injection

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...

CVE-2025-15148

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...

CVE-2025-15148

CmsEasy up to 7.7.7 is affected by a code-injection flaw in the savetemp_action function of /lib/admin/template_admin.php in the Backend Template Management Page. Manipulating the content/tempdata argument can enable remote code execution, and an exploit has been published. The vendor has not res...

CVE-2025-55296 LibreNMS allows stored XSS in Alert Template name field

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS = 25.6.0 in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template...

CVE-2024-25828

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/templateadmin.php...

CVE-2020-21590

Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter...