CVE-2026-2010
Published: 2026-02-06
Priority: P4
CVSS 3.1: 4.2 (medium), vector AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.33% (24.2th percentile)
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation of the argument paymentId leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 7329437e1288540336b1c66c114ed3363adcba02. It is recommended to apply a patch to fix this issue.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| publiccms | publiccms | <= 4.0.202506.d | — |
| publiccms | publiccms | 5.202302.a – 5.202506.d | — |
The remaining 12 ranges (vendor sanluan, product publiccms) carry no version or fix data.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.2 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L |
| nvd | 4.0 | 1.3 | LOW | CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | 2.0 | 3.6 | LOW | AV:N/AC:H/Au:S/C:N/I:P/A:P |
| cisa | — | 8.8 | HIGH | — |
GHSA
GHSA-52jq-ww84-hqvp · ghsa_unreviewed · 2026-02-06 · CVE-2026-2010 [LOW] · CWE-266
The GHSA description is identical to the advisory text above (PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d, function Paid in TradePaymentService.java, argument paymentId, patch 7329437e1288540336b1c66c114ed3363adcba02).
CISA
CVE-2010-0806 [HIGH] · CWE-399 · Microsoft Internet Explorer Use-After-Free Vulnerability
cisa · 2026-05-20 · CVSS 8.8
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
Remediation Due Date: 2026-06
CISA
CVE-2010-0249 [HIGH] · CWE-416 · Microsoft Internet Explorer Use-After-Free Vulnerability
cisa · 2026-05-20 · CVSS 8.8
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
Remediation Due Date: 2026-06-03
Citrix
CVE-2010-2991 [CRITICAL] · Citrix Security Bulletin CTX125976 · vendor_citrix · CVSS 9.3
CVE References: CVE-2010-2991, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

Citrix
CVE-2010-4515 [MEDIUM] · Citrix Security Bulletin CTX127541 · vendor_citrix · CVSS 4.3
CVE References: CVE-2010-4515, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

Citrix
CVE-2010-2619 [LOW] · Citrix Security Bulletin CTX125319 · vendor_citrix · CVSS 1.9
CVE References: CVE-2010-2619, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

Citrix
CVE-2010-2990 [CRITICAL] · Citrix Security Bulletin CTX125975 · vendor_citrix · CVSS 9.3
CVE References: CVE-2010-2990, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

Citrix
CVE-2010-4566 [CRITICAL] · Citrix Security Bulletin CTX127613 · vendor_citrix · CVSS 9.3
CVE References: CVE-2010-4566, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

Citrix
CVE-2010-0633 [MEDIUM] · Citrix Security Bulletin CTX123193 · vendor_citrix · CVSS 4.6
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

Citrix
CVE-2010-0633 [MEDIUM] · Citrix Security Bulletin CTX123456 · vendor_citrix · CVSS 4.6
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

Citrix
CVE-2010-0633 [MEDIUM] · Citrix Security Bulletin CTX123460 · vendor_citrix · CVSS 4.6
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-11788 [MEDIUM] · 389-ds-base: 389-ds-base: NULL pointer dereference in deref control plugin BER parser
bugzilla · 2026-06-05 · CVSS 5.9
The dereference control plugin in 389 Directory Server fails to check the return value of ber_init() for NULL before use in deref_parse_ctrl_value() (deref.c). When memory allocation fails under memory pressure, an unauthenticated LDAP client sending a search with the deref control can crash ns-slapd.
The deref plugin is enabled by default. Crash confirmed via GDB fault injection on Fedora 42 (SIGABRT) and CentOS 7 (SIGSEGV on OpenLDAP 2.4). Vulnerable code present since deref plugin introduction in 389-ds-base 1.2.6 (~2010).
Bugzilla
CVE-2010-2448 [LOW] · znc: NULL pointer dereference flaw leads to segfault under certain conditions
bugzilla · 2010-06-14 · CVSS 3.5
A Debian bug report [1] noted that ZNC would segfault under certain conditions, such as clicking "traffic" in the webadmin pages or issuing the traffic command on the /znc shell. This has been corrected upstream [2]. This vulnerability was reported against 0.090 which is the version that Fedora provides.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929
[2] http://znc.svn.sourceforge.net/viewvc/znc?view=rev&revision=2026
Discussion:
znc-0.090-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/znc-0.090-2.fc13
---
znc-0.090-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/znc-0.090-2.fc11
---
znc-0
References:
- https://github.com/sanluan/PublicCMS/
- https://github.com/sanluan/PublicCMS/commit/7329437e1288540336b1c66c114ed3363adcba02
- https://github.com/sanluan/PublicCMS/issues/108
- https://github.com/sanluan/PublicCMS/issues/108#issue-3838143772
- https://vuldb.com/?ctiid.344592
- https://vuldb.com/?id.344592
- https://vuldb.com/?submit.743487