15 matches found
CVE-2026-48245
creationtimestamp| type| source ---|---|--- 2026-05-21 18:47:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3g33ygt2k...
CVE-2026-48245
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...
CVE-2026-48245 Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in tables.php
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...
CVE-2025-48245
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Reflected XSS.This issue affects Quick Contact Form: from n/a through = 8.2.1...
CVE-2025-48245
The CVE-2025-48245 entry concerns WordPress plugin Quick Contact Form, affected up to version 8.2.1. The underlying issue is improper neutralization of input during web page generation, i.e., a reflected XSS vulnerability. Reported score CVSSv3.1 base 7.1 (HIGH) with network attack vector, low pr...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2022-48245
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...
CVE-2024-48245
CVE-2024-48245 concerns Vehicle Management System (versions 1.0–1.3) with a SQL Injection via vulnerable POST parameters in administrative actions. A guest user can exploit parameters such as Booking ID , Action Name , and Payment Confirmation ID located in /newvehicle.php and /newdriver.php to e...
CVE-2023-48245
creationtimestamp| type| source ---|---|--- 2024-01-10 12:21:56+00:00| seen| https://t.me/ctinow/165739 2024-01-28 10:26:58+00:00| seen| https://t.me/ctinow/174890...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48245
CVE-2023-48245 affects Bosch Nexo OS (and related Bosch Nexo products) where an unauthenticated remote attacker can upload arbitrary files in the application OS user context (root) via a crafted HTTP request. The connected sources corroborate the vulnerability exists in the Nexo/OS environment an...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2022-48245
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2022-48245
CVE-2022-48245 concerns the UNISOC audio service. Public records describe a missing permission check in the audio service, enabling local privilege escalation with no additional execution privileges. CVSSv3.1 base metrics cited are AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8 (HIGH). Affec...