|
151
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an uns…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48218
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitiz…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48217
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48216
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48215
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48214
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48207
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
- |
|
-
|
-
|
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsona…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-48172
|
2026-05-22 03:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects HAPPY: from n/a through 1.0.10.
New
|
CWE-862
Missing Authorization
|
CVE-2026-39593
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
7.8 |
HIGH
Local
|
-
|
-
|
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-22554
|
2026-05-22 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
9.1 |
CRITICAL
Network
|
scadabr
|
scadabr
|
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sen…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-8602
|
2026-05-22 02:19 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
