Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48245 | MEDIUM | 5.3 | Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can … | May 21, 2026 |
| CVE-2026-48244 | MEDIUM | 5.3 | Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can … | May 21, 2026 |
| CVE-2026-48243 | MEDIUM | 5.3 | Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with … | May 21, 2026 |
| CVE-2026-48242 | HIGH | 8.1 | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code … | May 21, 2026 |
| CVE-2026-48241 | HIGH | 8.1 | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor … | May 21, 2026 |
| CVE-2026-48240 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of … | May 21, 2026 |
| CVE-2026-48239 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT … | May 21, 2026 |
| CVE-2026-48238 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a … | May 21, 2026 |
| CVE-2026-48237 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of … | May 21, 2026 |
| CVE-2026-48236 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli … | May 21, 2026 |
| CVE-2026-48235 | HIGH | 8.2 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS … | May 21, 2026 |
| CVE-2026-48234 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY … | May 21, 2026 |
| CVE-2026-48233 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a … | May 21, 2026 |
| CVE-2026-48232 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a … | May 21, 2026 |
| CVE-2026-48231 | HIGH | 7.1 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers … | May 21, 2026 |
| CVE-2026-48230 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48229 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48228 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48227 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48226 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48225 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48224 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48223 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48222 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48221 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |