Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.9 MEDIUM
CVE-2026-48246 — Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTT…

Remote | Misconfiguration
May 21, 2026
5.3 MEDIUM
CVE-2026-48245 — Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in tables.php

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the sour…

Remote | Misconfiguration
May 21, 2026
5.3 MEDIUM
CVE-2026-48244 — Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in settings.inc.php

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to th…

Remote | Information Disclosure
May 21, 2026
5.3 MEDIUM
CVE-2026-48243 — Open ISES Tickets < 3.44.2 Hardcoded WhitePages API Key in wp1.php

Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can ext…

Remote | Supply Chain
May 21, 2026
8.1 HIGH
CVE-2026-48242 — Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code commi…

Remote | Information Disclosure
May 21, 2026
8.1 HIGH
CVE-2026-48241 — Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to th…

Remote | Misconfiguration
May 21, 2026
7.1 HIGH
CVE-2026-48240 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Pa…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements …

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48239 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents…

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48238 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-…

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48237 — Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Pa…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE stat…

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48236 — Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into…

Remote | Injection
May 21, 2026
8.2 HIGH
CVE-2026-48235 — Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki…

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48234 — Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort and dir P…

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT sta…

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48233 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without san…

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48232 — Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without…

Remote | Injection
May 21, 2026
7.1 HIGH
CVE-2026-48231 — Open ISES Tickets < 3.44.2 SQL Injection via tables.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers i…

Remote | Injection
May 21, 2026
5.4 MEDIUM
CVE-2026-48230 — Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Paramete…

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48229 — Open ISES Tickets < 3.44.2 Reflected XSS via routes_i.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48228 — Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48227 — Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…

Remote | Cross-Site Scripting
May 21, 2026
Showing 20 of 7032 Results