Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-48241 — Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to th…

Remote | Misconfiguration
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48240 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Pa…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements …

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48239 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48238 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48237 — Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Pa…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE stat…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48236 — Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
8.2 HIGH
CVE-2026-48235 — Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48234 — Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort and dir P…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT sta…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48233 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without san…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48232 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.1 HIGH
CVE-2026-48231 — Open ISES Tickets < 3.44.2 SQL Injection via tables.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers i…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48230 — Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Paramete…

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48229 — Open ISES Tickets < 3.44.2 Reflected XSS via routes_i.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48228 — Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48227 — Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48226 — Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48225 — Open ISES Tickets < 3.44.2 Reflected XSS via landb.php _type Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48224 — Open ISES Tickets < 3.44.2 Reflected XSS via ics214.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48223 — Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.4 MEDIUM
CVE-2026-48222 — Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
Showing 20 of 6690 Results