Lucene search
+L

779 matches found

Securelist
Securelist
added 2026/07/02 9:0 a.m.20 views

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/16 11:30 a.m.11 views

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.18 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 2:16 p.m.21 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS0.04356EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 12:57 p.m.11 views

EUVD-2026-31821

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 12:57 p.m.16 views

CVE-2026-48134 SQL injection issue in UserCheck Portal when DLP Software Blade is active

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:57 p.m.8 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 12:57 p.m.47 views

CVE-2026-48134 SQL injection issue in UserCheck Portal when DLP Software Blade is active

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS0.04356EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 6:16 p.m.24 views

CVE-2026-48233

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

7.1CVSS0.00214EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.15 views

CVE-2026-48239

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tickid POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query...

7.1CVSS0.00214EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.15 views

CVE-2026-48232

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

7.1CVSS0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 5:10 p.m.7 views

CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:10 p.m.10 views

EUVD-2026-31313

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.40 views

CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

7.1CVSS0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 5:10 p.m.20 views

CVE-2026-48233

The CVE-2026-48233 issue affects Open ISES Tickets prior to 3.44.2, where the GET offset parameter is concatenated into the LIMIT clause in ajax/sit_incidents.php, enabling SQL injection. This requires authentication and is exploitable via crafted requests over the network, potentially allowing a...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 5:10 p.m.2 views

CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

7.1CVSS6AI score0.00214EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.38 views

CVE-2026-48232 Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

7.1CVSS0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 5:10 p.m.8 views

CVE-2026-48232 Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.9 views

CVE-2026-48232

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 5:10 p.m.11 views

EUVD-2026-31314

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Rows per page
Query Builder