CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

Cross-site Scripting (XSS)

spark-core is vulnerable to cross-site scripting XSS attacks. The attacks are possible because it does not use the stripXSS function in the pages calling request.getParameter in UIUtils...