Oinone Pamirs
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Oinone Pamirs.
By the Year
In 2026 there have been 3 vulnerabilities in Oinone Pamirs with an average score of 5.9 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 5.90 |
It may take a day or so for new Pamirs vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oinone Pamirs Security Vulnerabilities
Oinone Pamirs 7.2.0 Path Traversal via RestController
CVE-2026-8736
4.1 - Medium
- May 17, 2026
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be carried out on the physical device. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Directory traversal
Oinone Pamirs <=7.2.0 Remote Deserialization via JsonUtils.parseMap
CVE-2026-8735
6.3 - Medium
- May 17, 2026
A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Marshaling, Unmarshaling
Oinone Pamirs <=7.2.0 SQL Injection in RSQLToSQLNC.mkVar (queryListByWrapper)
CVE-2026-8734
7.3 - High
- May 17, 2026
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oinone Pamirs or by Oinone? Click the Watch button to subscribe.
