CVE-2026-8737 | Sanluan PublicCMS 5.202506.d Trade Address Query TradeAddressListDirective.java execute userId/id missing authentication

A vulnerability, which was classified as problematic, was found in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argument userId/id can lead to missing authentication.

The identification of this vulnerability is CVE-2026-8737. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8737 | Sanluan PublicCMS 5.202506.d Trade Address Query TradeAddressListDirective.java execute userId/id missing authentication

Post correlati

CVE-2026-7445 | ZachHandley ZMCPTools up to 0.2.2 MCP Log Resource ResourceManager.ts dirname path traversal

CVE-2025-46558 | xwiki-contrib syntax-markdown up to 8.8 cross site scripting

CVE-2025-13000 | WP-FeedStats db-access Plugin up to 0.8.7 on WordPress sql injection

CVE-2024-26620 | Linux Kernel up to 6.1.75/6.6.14/6.7.2 vfio-ap vfio_ap_mdev_filter_matrix Privilege Escalation