|
6531
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat…
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-8735
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6532
|
4.1 |
MEDIUM
Physics
|
-
|
-
|
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Perfor…
|
CWE-22
Path Traversal
|
CVE-2026-8736
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6533
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListD…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-8737
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6534
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public…
|
CWE-840
Business Logic Errors
|
CVE-2026-8738
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6535
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigC…
|
CWE-320
CWE-321
Key Management Errors
Use of Hard-coded Cryptographic Key
|
CVE-2026-8739
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6536
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv…
|
CWE-791
CWE-1336
Incomplete Filtering of Special Elements
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-8740
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6537
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8669
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6538
|
7.5 |
HIGH
Network
|
-
|
-
|
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
|
CWE-331
Insufficient Entropy
|
CVE-2026-46474
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6539
|
7.3 |
HIGH
Network
|
-
|
-
|
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
|
CWE-331
Insufficient Entropy
|
CVE-2026-8700
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6540
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-8704
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
