|
471
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc…
New
|
CWE-94
Code Injection
|
CVE-2026-39052
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
472
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils…
New
|
CWE-611
XXE
|
CVE-2026-39053
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
473
|
7.3 |
HIGH
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce…
New
|
CWE-77
Command Injection
|
CVE-2026-39054
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
474
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is auth…
New
|
CWE-862
Missing Authorization
|
CVE-2026-8681
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
475
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' fu…
New
|
CWE-862
Missing Authorization
|
CVE-2025-4202
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
476
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Att…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47957
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
477
|
8.8 |
HIGH
Network
|
-
|
-
|
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in t…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-8719
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
478
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulatio…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8734
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
479
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat…
New
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-8735
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
480
|
4.1 |
MEDIUM
Physics
|
-
|
-
|
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Perfor…
New
|
CWE-22
Path Traversal
|
CVE-2026-8736
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
