VIR Vulnerability Intelligence Relay

Search

Found 58,578 results in 2359ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48243 medium 5.3 5.3 16d ago Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can ext…
CVE-2026-48230 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan…
CVE-2026-48229 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
CVE-2026-48228 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
CVE-2026-48227 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…
CVE-2026-48226 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
CVE-2026-48225 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value…
CVE-2026-48224 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48223 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
CVE-2026-48222 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48221 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…
CVE-2026-48220 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48219 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48218 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an uns…
CVE-2026-48217 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitiz…
CVE-2026-48216 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
CVE-2026-48215 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48214 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-39593 medium 6.5 6.5 16d ago Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10.
CVE-2026-48213 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value t…
CVE-2026-48207 critical 9.8 9.8 apache 16d ago Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…
CVE-2026-46486 medium 5.5 16d ago Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
CVE-2026-46403 medium 5.5 16d ago Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
CVE-2026-39531 critical 9.3 9.3 16d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki…
CVE-2026-36189 medium 6.2 6.2 16d ago Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial…
CVE-2026-1816 medium 6.3 6.3 16d ago Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Appli…
CVE-2026-1815 medium 5.7 5.7 16d ago Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 b…
CVE-2026-34926 medium 6.7 8.2 KEV trendmicro 16d ago Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl…
CVE-2025-71211 critical 9.8 9.8 trendmicro 16d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in …
CVE-2025-71210 critical 9.8 9.8 trendmicro 16d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul…
CVE-2026-6841 medium 6.1 6.1 FIX debian debian bestpractical 16d ago Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary Jav…
CVE-2026-5118 critical 9.8 9.8 16d ago The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from P…
CVE-2026-43501 critical 9.8 9.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header…
CVE-2026-0393 medium 6.5 6.5 codesys 16d ago The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerabil…
CVE-2026-45254 medium 6.5 6.5 freebsd freebsd 16d ago In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an…
CVE-2026-45252 medium 5.5 5.5 freebsd freebsd 16d ago When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE …
CVE-2026-42396 medium 6.5 6.5 FIX debian debian powerdns 16d ago Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
CVE-2026-41999 medium 4.8 4.8 FIX debian debian powerdns 16d ago Incorrect Behaviour of Views with TCP PROXY Requests
CVE-2026-7837 low 3.7 3.7 FIX slesdebian debian 16d ago A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited da…
CVE-2026-5433 critical 9.1 9.1 16d ago Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4858 critical 9.9 9.9 mattermost 16d ago Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an…
CVE-2026-44075 low 3.7 3.7 FIX slesdebian debian 16d ago A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session op…
CVE-2026-44074 low 3.7 3.7 FIX slesdebian debian 16d ago Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker…
CVE-2026-44071 low 3.7 3.7 FIX slesdebian debian 16d ago Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of servic…
CVE-2026-44057 low 3.1 3.1 FIX slesdebian debian 16d ago A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen…
CVE-2026-27393 medium 5.3 5.3 16d ago Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.
CVE-2026-27349 medium 4.3 4.3 16d ago Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a t…
CVE-2026-22880 medium 6.1 6.1 16d ago Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Ma…
CVE-2026-7836 low 3.1 3.1 FIX slesdebian debian 16d ago An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification v…
CVE-2026-7835 low 3.1 3.1 FIX slesdebian debian 16d ago A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro…
CVE-2026-4055 medium 4.3 4.3 mattermost 16d ago Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in…
CVE-2026-44076 medium 6.7 6.7 FIX slesdebian debian 16d ago Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.
CVE-2026-44073 medium 5.0 5.0 FIX slesdebian debian 16d ago Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error condition…
CVE-2026-44072 low 3.0 3.0 FIX slesdebian debian 16d ago Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor …
CVE-2026-44070 low 3.1 3.1 FIX slesdebian debian 16d ago An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers…
CVE-2026-44069 low 3.9 3.9 FIX slesdebian debian 16d ago An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption vi…
CVE-2026-44067 medium 4.2 4.2 FIX slesdebian debian 16d ago A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via…
CVE-2026-44065 medium 4.2 4.2 FIX slesdebian debian 16d ago An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.
CVE-2026-44063 medium 4.2 4.2 FIX slesdebian debian 16d ago An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted fil…
CVE-2026-44061 medium 5.9 5.9 FIX slesdebian debian 16d ago Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.
CVE-2026-44059 medium 4.5 4.5 FIX slesdebian debian 16d ago A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.
CVE-2026-44056 medium 6.4 6.4 FIX slesdebian debian 16d ago A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.
CVE-2026-44054 medium 6.5 6.5 FIX slesdebian debian 16d ago Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m…
CVE-2026-44050 critical 9.9 9.9 FIX slesdebian debian 16d ago A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause…
CVE-2026-6279 critical 9.8 9.8 16d ago The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `w…
CVE-2026-2734 medium 6.5 6.5 lfprojects 16d ago In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati…
CVE-2026-1543 medium 6.4 6.4 16d ago The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitizatio…
CVE-2026-4811 medium 4.9 4.9 16d ago The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all version…
CVE-2026-1881 medium 4.3 4.3 17d ago The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on…
CVE-2026-48172 critical 9.8 10.0 KEV litespeedtech 17d ago LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with ro…
CVE-2026-9149 medium 6.5 6.5 FIX debian debian sleswindows windows opensuseredhat 17d ago A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. T…
CVE-2026-9150 medium 6.5 6.5 FIX debian debian sleswindows windows opensuseredhat 17d ago A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could …
CVE-2026-47782 low 3.3 3.3 17d ago Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web p…
CVE-2026-47372 critical 9.1 9.1 FIX debian debian 17d ago Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
CVE-2026-40102 medium 6.5 6.5 plane 17d ago Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without vali…
CVE-2026-40094 medium 4.3 4.3 17d ago nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and s…
CVE-2026-8631 critical 9.8 9.8 FIX debian debian sles hp 17d ago A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…
CVE-2026-9141 critical 9.8 9.8 17d ago Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern…
CVE-2026-9139 critical 9.8 9.8 17d ago Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-…
CVE-2026-9136 medium 6.5 6.5 misp 17d ago A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the …
CVE-2026-9124 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 17d ago Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craf…
CVE-2026-9122 medium 6.5 6.5 FIX debian debianmacos macoswindows windows google 17d ago Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium …
CVE-2026-9116 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 17d ago Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …
CVE-2026-9115 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 17d ago Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severi…
CVE-2026-9113 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 17d ago Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9110 medium 4.2 4.2 FIX debian debianmacos macos linux-kernel google 17d ago Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML pag…
CVE-2026-9082 critical 9.8 10.0 KEVEXP drupal 17d ago Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
CVE-2026-47099 medium 6.1 6.1 17d ago TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`
CVE-2026-45444 critical 10.0 10.0 17d ago Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a th…
CVE-2026-39311 medium 6.8 6.8 17d ago Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S…
CVE-2026-35016 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-35015 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitize…
CVE-2026-35014 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
CVE-2026-35013 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized va…
CVE-2026-35012 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized…
CVE-2026-35011 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value…
CVE-2026-35010 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …
CVE-2026-35009 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
CVE-2026-35008 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-35007 medium 4.6 4.6 17d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized…