|
701
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListD…
Update
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-8737
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public…
Update
|
CWE-840
Business Logic Errors
|
CVE-2026-8738
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv…
Update
|
CWE-791
CWE-1336
Incomplete Filtering of Special Elements
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-8740
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8669
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
7.5 |
HIGH
Network
|
-
|
-
|
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Update
|
CWE-331
Insufficient Entropy
|
CVE-2026-46474
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
7.3 |
HIGH
Network
|
-
|
-
|
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Update
|
CWE-331
Insufficient Entropy
|
CVE-2026-8700
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-8704
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
8.2 |
HIGH
Network
|
-
|
-
|
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c…
Update
|
CWE-93
CRLF Injection
|
CVE-2026-46720
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.
When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8507
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.
Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv…
New
|
CWE-170
Improper Null Termination
|
CVE-2026-8721
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
