Lucene search
K

16 matches found

EUVD
EUVD
added 2026/04/13 9:30 p.m.6 views

EUVD-2026-22053

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS6.2AI score0.00484EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/13 9:30 p.m.6 views

EUVD-2026-22041

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References3
NVD
NVD
added 2026/04/13 7:16 p.m.6 views

CVE-2026-40044

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS0.00484EPSS
Exploits1References2
NVD
NVD
added 2026/04/13 7:16 p.m.9 views

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS0.00304EPSS
Exploits1References3
NVD
NVD
added 2026/04/13 7:16 p.m.15 views

CVE-2026-40039

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...

7.1CVSS0.00338EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/13 6:11 p.m.18 views

CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS0.00304EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:10 p.m.2 views

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS5.8AI score0.00109EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 6:10 p.m.22 views

CVE-2026-40040 Pachno 1.0.6 Unrestricted File Upload Remote Code Execution

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 scripts to web-accessible directories and execute th...

8.8CVSS0.00474EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 6:10 p.m.15 views

CVE-2026-40040

The CVE-2026-40040 issue concerns Pachno 1.0.6, where an unrestricted file upload vulnerability exists in the /uploadfile endpoint. Authenticated users can bypass extension filtering to upload arbitrary files (notably executable .php5 scripts) to web-accessible directories, enabling remote code e...

8.8CVSS6.6AI score0.00474EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:10 p.m.3 views

CVE-2026-40039

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...

7.1CVSS5.9AI score0.00338EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 6:10 p.m.4 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/13 6:10 p.m.18 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS0.00161EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.72 views

📄 Pachno 1.0.6 Cross Site Scripting

Pachno version 1.0.6 suffers from persistent cross site scripting vulnerabilities. Pachno 1.0.6 Stored Cross-Site Scripting Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly...

5.2AI score
Exploits0
NVD
NVD
added 2023/11/28 12:15 a.m.28 views

CVE-2023-47437

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting XSS attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script...

5.4CVSS0.00475EPSS
Exploits0References2
Prion
Prion
added 2023/11/28 12:15 a.m.16 views

Cross site scripting

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting XSS attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script...

4.9CVSS5.9AI score0.00475EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/11/27 12:0 a.m.42 views

CVE-2023-47437

CVE-2023-47437 : Affected software is Pachno 1.0.6. The vulnerability is an authenticated XSS caused by inadequate input validation in the Project Description and comments, enabling injection of malicious JavaScript. Documented impact is cross-site scripting; exploitation details are not provided...

5.4CVSS5.1AI score0.00475EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder