CVE-2026-1111
Published 2026-01-18. CVE-2026-1111: A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file…
Priority: P3 55 high. CVSS 3.1 base score: 7.2. Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.64% (45.8th percentile)
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| publiccms | publiccms | <= 5.202506.d | — |
| sanluan | publiccms | — | — |
| sanluan | publiccms | — | — |
| sanluan | publiccms | — | — |
| sanluan | publiccms | — | — |
| wwbn | avideo | 0 – 26.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | 4.0 | 2.0 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | 2.0 | 5.8 | MEDIUM | AV:N/AC:L/Au:M/C:P/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA (2026-06-08): CVE-2026-44890 [HIGH] CWE-400 Netty has Unbounded Direct Memory Consumption in its RedisDecoder
### Summary
An attacker can cause DoS by sending crafted Redis payloads across multiple connections without `\r\n`. This exhausts the server's direct memory pool (OutOfDirectMemoryError), preventing legitimate connections from being processed.
### Details
io.netty.handler.codec.redis.RedisDecoder decodes the length of bulk strings and array headers using the `decodeLength` method. This method reads bytes from the network until it encounters a `\n` character. However, it does not enforce any maximum length check while buffering the bytes if the `\n` character is not found. An attacker can exploit this by sending a continuous stream of digits (e.g., `$1111...`) without ever sending a `\n`.
To cause a true Denial of Service,
GHSA (2026-03-26): CVE-2026-33763 [MEDIUM] CWE-307 AVideo has an Unauthenticated Video Password Brute-Force Vulnerability via Unrate-Limited Boolean Oracle
## Summary
The `get_api_video_password_is_correct` API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a boolean `passwordIsCorrect` field with no rate limiting, CAPTCHA, or authentication requirement, enabling efficient offline-speed brute-force attacks against video passwords.
## Details
The vulnerable endpoint is defined at `plugin/API/API.php:1111-1133`:
```php
public function get_api_video_password_is_correct($parameters)
{
$obj = new stdClass();
$obj->videos_id = intval($parameters['videos_id']);
$obj->passwordIsCorrect = true;
$error = true;
$msg = '';
if (!empty($obj->videos_id))
```
GHSA unreviewed (2026-01-18): CVE-2026-1111 [MEDIUM] CWE-22 GHSA-jc4q-h995-9f9w: A vulnerability has been found in Sanluan PublicCMS up to 5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-01-18