|
481
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListD…
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-8737
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
482
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public…
New
|
CWE-840
Business Logic Errors
|
CVE-2026-8738
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
483
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigC…
New
|
CWE-320
CWE-321
Key Management Errors
Use of Hard-coded Cryptographic Key
|
CVE-2026-8739
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
484
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv…
New
|
CWE-791
CWE-1336
Incomplete Filtering of Special Elements
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-8740
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
485
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8669
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
486
|
7.5 |
HIGH
Network
|
-
|
-
|
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
New
|
CWE-331
Insufficient Entropy
|
CVE-2026-46474
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
487
|
7.3 |
HIGH
Network
|
-
|
-
|
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
New
|
CWE-331
Insufficient Entropy
|
CVE-2026-8700
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
488
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-8704
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
489
|
8.2 |
HIGH
Network
|
-
|
-
|
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c…
New
|
CWE-93
CRLF Injection
|
CVE-2026-46720
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
490
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.
When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8507
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
