cyberMEDIUM2026-04-21 05:00 UTC

ZDI-26-295: (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PublicCMS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2.

ORIGINAL SOURCE →via Zero Day Initiative

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] Lauren Bonvini on Building Confidence Through a More Practical Approach to Stage Fright
[CYBER] The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities
[CYBER] After the Kelp hack, TVL in DeFi faced a liquidity outflow - Coinspot.io
[CYBER] Trojanized Android App Fuels New Wave of NFC Fraud
[CYBER] Ransomware negotiator pleads guilty to helping ransomware gang
[CYBER] CVE-2026-40565 - FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

Editorial policy · Report a correction