Pancho Pachno
7 CVEs affecting Pancho Pachno. Latest disclosed: 2026-04-13. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40044 | Critical | 9.8 | 2026-04-13 | Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects… |
| CVE-2026-40042 | Critical | 9.8 | 2026-04-13 | Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML par… |
| CVE-2026-40040 | High | 8.8 | 2026-04-13 | Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extensi… |
| CVE-2026-40038 | High | 7.2 | 2026-04-13 | Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloa… |
| CVE-2026-40043 | Medium | 6.5 | 2026-04-13 | Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges… |
| CVE-2026-40039 | Medium | 6.5 | 2026-04-13 | Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to pa… |
| CVE-2026-40041 | Medium | 4.3 | 2026-04-13 | Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting… |