|
2821
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35012
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2822
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized va…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35013
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2823
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35014
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2824
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitize…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35015
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2825
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35016
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2826
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-9139
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2827
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-9141
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2828
|
7.6 |
HIGH
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute pe…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9144
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2829
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion.
Multiple LiveView event…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8469
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2830
|
- |
|
-
|
-
|
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation.
The psb-assign…
|
CWE-94
Code Injection
|
CVE-2026-8467
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
