|
691
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils…
Update
|
CWE-611
XXE
|
CVE-2026-39053
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
692
|
7.3 |
HIGH
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce…
Update
|
CWE-77
Command Injection
|
CVE-2026-39054
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
693
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is auth…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-8681
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
694
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' fu…
Update
|
CWE-862
Missing Authorization
|
CVE-2025-4202
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
695
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Att…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47957
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
696
|
8.8 |
HIGH
Network
|
-
|
-
|
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in t…
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-8719
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
697
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulatio…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8734
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
698
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat…
Update
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-8735
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
699
|
4.1 |
MEDIUM
Physics
|
-
|
-
|
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Perfor…
Update
|
CWE-22
Path Traversal
|
CVE-2026-8736
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
700
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigC…
Update
|
CWE-320
CWE-321
Key Management Errors
Use of Hard-coded Cryptographic Key
|
CVE-2026-8739
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
