17 matches found

Cvelist
added 2026/05/21 5:10 p.m. | 35 views

CVE-2026-48235 Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

CVSS 8.8 | EPSS 0.00044
Exploits 0 | References 3

RedhatCVE
added 2026/05/15 7:57 a.m. | 2 views

CVE-2026-0249

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

CVSS 7.6 | AI score 5.8 | EPSS 0.00007
Exploits 0 | References 1

ATTACKERKB
added 2026/05/13 6:32 p.m. | 4 views

CVE-2026-0249

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

CVSS 7.6 | AI score 5.8 | EPSS 0.00007
Exploits 0 | References 2 | Affected Software 1

Snyk
added 2026/02/27 3:21 a.m. | 2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the osctrl-admin environment configuration. An attacker can execute arbitrary shell commands on every endpoint that enrolls using a compromised environment by injecting commands into the hostname parameter, which ar...

CVSS 8.4 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-4011

Malware in sbrugna...

CVSS 4.5 | AI score 4.9 | EPSS 0.00027
Exploits 1 | References 2

ATTACKERKB
added 2025/09/19 6:38 p.m. | 1 view

CVE-2025-34195

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 Windows client deployments contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installati...

CVSS 9.8 | AI score 6.6 | EPSS 0.01516
Exploits 1 | References 5

Vulnrichment
added 2025/07/21 12:00 a.m. | 2 views

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...

AI score 6.7 | EPSS 0.05801
Exploits 1 | References 2

RedhatCVE
added 2025/05/22 4:18 a.m. | 3 views

CVE-2019-12376

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

CVSS 4.5 | AI score 6.7 | EPSS 0.00027
Exploits 1 | References 1

OSV
added 2019/06/03 8:29 p.m. | 2 views

CVE-2019-12376

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

CVSS 4.5 | AI score 5.8 | EPSS 0.00027
Exploits 1 | References 1

NVD
added 2019/06/03 8:29 p.m. | 7 views

CVE-2019-12376

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

CVSS 4.5 | AI score 4.7 | EPSS 0.00027
Exploits 1 | References 1

Prion
added 2019/06/03 8:29 p.m. | 8 views

Hardcoded credentials

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

CVSS 2.7 | AI score 4.7 | EPSS 0.00027
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/06/03 7:23 p.m. | 11 views

CVE-2019-12376

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

AI score 4.7 | EPSS 0.00027
Exploits 1 | References 1

Broadcom
added 2019/04/16 12:00 a.m. | 7 views

BSA-2019-783

Security Advisory ID : BSA-2019-783 Component : VPN Revision : 1.0: Final Virtual Private Networks VPNs are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files...

CVSS 2.5 | AI score 7 | EPSS 0.00299
Exploits 0

Prion
added 2019/04/12 3:29 p.m. | 27 views

Sql injection

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. The endpoint would need to be already compromised for exploitation to succeed...

CVSS 6.8 | AI score 4.2 | EPSS 0.02476
Exploits 0 | References 3 | Affected Software 3

NVD
added 2019/04/12 3:29 p.m. | 15 views

CVE-2019-11213

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. The endpoint would need to be already compromised for exploitation to succeed...

CVSS 8.1 | AI score 4.1 | EPSS 0.02476
Exploits 0 | References 3

ThreatPost
added 2018/08/23 4:46 p.m. | 190 views

Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’

A critical remote code-execution vulnerability in Apache Struts 2, the popular open-source framework for developing web applications in the Java programming language, is threatening a wide range of applications, even when no additional plugins have been enabled. Successful exploitation could lead...

CVSS 9.3 | AI score 8.9 | EPSS 0.94431
Exploits 63 | References 7

Packet Storm
added 2014/05/08 12:00 a.m. | 41 views

AVG Remote Administration Bypass / Code Execution / Static Keys

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: AVG Remote Administration vulnerable version: all - except issue 2 fixed version: none - except issue 2 impact: critical...

AI score 0.6
Exploits 0