|
4011
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.
|
CWE-284
Improper Access Control
|
CVE-2025-67437
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4012
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc…
|
CWE-94
Code Injection
|
CVE-2026-39052
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4013
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils…
|
CWE-611
XXE
|
CVE-2026-39053
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4014
|
7.3 |
HIGH
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce…
|
CWE-77
Command Injection
|
CVE-2026-39054
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4015
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is auth…
|
CWE-862
Missing Authorization
|
CVE-2026-8681
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4016
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' fu…
|
CWE-862
Missing Authorization
|
CVE-2025-4202
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4017
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Att…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47957
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4018
|
8.8 |
HIGH
Network
|
-
|
-
|
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in t…
|
CWE-269
Improper Privilege Management
|
CVE-2026-8719
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4019
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulatio…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8734
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4020
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat…
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-8735
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
