Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-39054

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...

7.3CVSS5.6AI score0.01414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-39052

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...

6.5CVSS6AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 7:59 p.m.13 views

CVE-2026-8735

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

6.5CVSS6.3AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.13 views

CVE-2026-8734

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/05/17 7:16 a.m.41 views

CVE-2026-8736

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS0.00216EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 6:16 a.m.35 views

CVE-2026-8735

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

6.5CVSS0.00242EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 6:16 a.m.34 views

CVE-2026-8734

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS0.00259EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 6:15 a.m.22 views

EUVD-2026-30685

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS5.4AI score0.00216EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 6:15 a.m.9 views

CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS5.4AI score0.00216EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 6:15 a.m.10 views

CVE-2026-8736

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS5.4AI score0.00216EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/17 6:15 a.m.79 views

CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS0.00216EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 5:15 a.m.11 views

CVE-2026-8735 Oinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserialization

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

6.5CVSS6.3AI score0.00242EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 5:15 a.m.21 views

EUVD-2026-30684

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 5:0 a.m.20 views

CVE-2026-8734

CVE-2026-8734 affects Oinone Pamirs up to version 7.2.0. The vulnerability is in the function RSQLToSQLNodeConnector.makeVariable within the queryListByWrapper Interface , where manipulation leads to SQL injection . The attack is remote and, per sources, the exploit has been publicly disclosed an...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 5:0 a.m.9 views

CVE-2026-8734 Oinone Pamirs queryListByWrapper RSQLToSQLNodeConnector.makeVariable sql injection

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 5:0 a.m.18 views

EUVD-2026-30683

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS5.6AI score0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 5:0 a.m.47 views

CVE-2026-8734 Oinone Pamirs queryListByWrapper RSQLToSQLNodeConnector.makeVariable sql injection

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 5:0 a.m.6 views

CVE-2026-8734

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.12 views

PT-2026-41521

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS5.4AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.10 views

PT-2026-41519

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References5
Rows per page
Query Builder