CVE-2026-5987
Published 2026-04-09
Priority P4 (29) · CVSS 3.1: 4.7 medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.24% (14.8th percentile)
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. It affects the function AbstractFreemarkerView.doRender in publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java, part of the FreeMarker Template Handler component. The weakness is improper neutralization of special elements used in a template engine, i.e. server-side template injection (SSTI) into FreeMarker: template text that reaches doRender is evaluated by the engine rather than treated as data. The attack can be launched remotely, but the CVSS vector rates it PR:H, so it requires a high-privilege (e.g. administrative) account on the CMS; the resulting impact is whatever the FreeMarker configuration lets template code reach. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded, and no fixed version is listed on this page.
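The description above says only that template-engine special elements are not neutralized in doRender. In FreeMarker terms, whoever controls template text can use built-ins such as ?new to instantiate Java classes, and the settings on the Configuration object decide whether that works. The following Java program is an added illustration, not code from PublicCMS and not the published exploit: it renders one constructed, benign template under a deliberately weak class resolver and under ALLOWS_NOTHING_RESOLVER so the difference is visible. The class and method names (FreemarkerSandboxDemo, build, render, UNTRUSTED_TEMPLATE) are this example's own; the FreeMarker API calls are the real ones from org.freemarker:freemarker 2.3.x.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

/**
 * Added example (not PublicCMS code): renders the same untrusted template
 * source under two FreeMarker configurations to show what the
 * new_builtin_class_resolver setting controls.
 */
public class FreemarkerSandboxDemo {

    // Constructed sample of template text an attacker holding template-edit
    // rights might submit. ?new instantiates any class that implements
    // TemplateModel; ObjectConstructor then constructs arbitrary Java objects
    // by class name. A harmless java.lang.String is built here to keep the
    // demo benign; the mechanism is the same for any class on the classpath.
    static final String UNTRUSTED_TEMPLATE =
        "<#assign ctor = \"freemarker.template.utility.ObjectConstructor\"?new()>"
      + "${ctor(\"java.lang.String\", \"built by ObjectConstructor\")}";

    /** Builds a Configuration whose only variable is the ?new class resolver. */
    static Configuration build(TemplateClassResolver resolver) {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_32);
        cfg.setNewBuiltinClassResolver(resolver);
        // ?api exposes raw Java objects behind the data model; keep it disabled.
        cfg.setAPIBuiltinEnabled(false);
        return cfg;
    }

    /** Renders src with cfg; returns the output, or "REFUSED: ..." if the engine rejects it. */
    static String render(Configuration cfg, String src) throws IOException {
        Template t = new Template("untrusted", new StringReader(src), cfg);
        Map<String, Object> model = new HashMap<>();   // empty data model: nothing handed to the template
        StringWriter out = new StringWriter();
        try {
            t.process(model, out);
            return out.toString();
        } catch (TemplateException e) {
            return "REFUSED: " + e.getMessage().split("\n")[0];
        }
    }

    public static void main(String[] args) throws IOException {
        // Weak: any TemplateModel implementation can be instantiated from template text,
        // so ObjectConstructor (or Execute) is one ?new away.
        System.out.println(render(build(TemplateClassResolver.UNRESTRICTED_RESOLVER), UNTRUSTED_TEMPLATE));
        // Hardened: ?new is refused outright, so ObjectConstructor and Execute are unreachable.
        System.out.println(render(build(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER), UNTRUSTED_TEMPLATE));
    }
}
```

Compile and run with the org.freemarker:freemarker jar on the classpath. The first line prints the constructed string, showing that text from the template loaded a class by name and called its constructor; the second prints a REFUSED line. Treat the resolver as defense in depth rather than a fix: PR:H means the attacker already holds a high-privilege account, and the setting limits what such an account can do through template editing, while exposing powerful objects in the data model or enabling ?api would reopen other paths.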
Affected
6 ranges are listed for sanluan/publiccms; version bounds and fixed version are not populated in the source.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sanluan | publiccms | — (6 ranges, bounds not populated) | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| nvd | 4.0 | 2.0 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | 2.0 | 5.8 | MEDIUM | AV:N/AC:L/Au:M/C:P/I:P/A:P |
| vendor_oracle | — | 8.1 | HIGH | — |
| vendor_redhat | — | 5.9 | MEDIUM | — |
All three NVD vectors agree on the point that matters for triage: network-reachable, but PR:H (v2: Au:M), so an attacker needs a high-privilege account before the template handler is reachable. The vendor_oracle and vendor_redhat rows appear to come from the Oracle CVE-2025-5987 (libssh) and Red Hat CVE-2026-29076 (cpp-httplib) entries listed further down this page, which match on the string 5987 and score different vulnerabilities; do not read 8.1 or 5.9 as a rating of CVE-2026-5987.
GHSA
GHSA-v5c9-pmxr-9vhc (ghsa_unreviewed · 2026-04-10): CVE-2026-5987 [MEDIUM], CWE-791
The description is identical to the NVD text above. Note that its wording, improper neutralization of special elements used in a template engine, is the title of CWE-1336, while GHSA files the advisory under CWE-791 (Incomplete Filtering of Special Elements).
Red Hat
CVE-2026-53537 [MEDIUM] CWE-1286 · vendor_redhat · 2026-06-22 · CVSS 5.3
multipart: Python-Multipart: Information disclosure via header parsing discrepancy (a different CVE; it appears here because its text references RFC 5987)
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax (filename*=charset'lang'value, name*=..., and the filename*0/filename*1 continuation form) is decoded and surfaced under the bare filename/name key, and overrides the plain parameter when both are present. RFC 7578 §4.2 explicitly forbids the filename* form in multipart/form-data. Components that follow RFC 7578, or that do not implement RFC 2231/5987 decoding for multipart/form-data (WAFs, proxies, gateways), may interpret such a header differently
Red Hat
CVE-2026-29076 [MEDIUM] CWE-1333 · vendor_redhat · 2026-03-07 · CVSS 5.9
cpp-httplib: cpp-httplib: Denial of Service via crafted HTTP POST request (a different CVE; it appears here because its text references RFC 5987)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep recursion, consuming one stack frame per input character. An attacker can send a single HTTP POST request with a crafted filename* parameter that causes uncontrolled stack growth, resulting in a stack overflow (SIGSEGV) that crashes the server process. This issue has been patched in version 0.37.0.
A flaw was found in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. A remote attacker can exploit
Oracle
CVE-2025-5987 [HIGH] · vendor_oracle · 2026-01-15 · CVSS 8.1
Oracle Communications Risk Matrix: Routing (libssh), CVE-2025-5987 (a different CVE, matched on the identifier suffix)
CVE: CVE-2025-5987
CVSS: 8.1
Protocol: SSH
Remote exploit: Yes
Attack vector: Network
Advisory: cpujan2026 (JAN 2026)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-53537 [MEDIUM] · bugzilla · CVSS 5.3
Three Red Hat community trackers for the same python-multipart flaw (a different CVE, listed here for its RFC 5987 reference):
- CVE-2026-53537 python-multipart: Python-Multipart: Information disclosure via header parsing discrepancy [epel-all] (2026-06-29)
- CVE-2026-53537 python-multipart: Python-Multipart: Information disclosure via header parsing discrepancy [fedora-all] (2026-06-29)
- CVE-2026-53537 multipart: Python-Multipart: Information disclosure via header parsing discrepancy (2026-06-22)
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Each tracker repeats the Red Hat Python-Multipart description given above (truncated in the source).
Bugzilla
CVE-2025-5987 [HIGH] · bugzilla · 2025-07-03 · CVSS 8.1
CVE-2025-5987 mingw-libssh2: Invalid return code for chacha20 poly1305 with OpenSSL backend [fedora-42] (a different CVE, matched on the identifier suffix)
More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2376219
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'ver