Lucene search

11 matches found

Vulnrichment
added 2026/05/21 5:10 p.m. · 3 views

CVE-2026-48236 Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in dbloader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database withou...

7.1 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits: 0 · References: 3
EUVD
added 2026/05/21 5:10 p.m. · 5 views

EUVD-2026-31318

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in dbloader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database withou...

7.1 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits: 0 · References: 3
CNNVD
added 2026/05/21 12:0 a.m. · 4 views

tickets SQL injection vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in the dbloader.php file—ticketsdb, ticketshost, ticketsuser, a...

7.1 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits: 0 · References: 1
Malwarebytes
added 2026/05/12 3:46 p.m. · 9 views

Fake Claude search results lure Mac users into ClickFix attack

Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...

6.5 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m. · 4 views

Malicious code in supercluster-command-betelgeuse-style-loader (npm)

Source: amazon-inspector (75c4312f9a8f4944f7302c2d84d8f462d661b5c52a2451094345926045d0e847). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
VulnCheck KEV
added 2024/05/15 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of...

9.8 CVSS · 5.9 AI score · 0.88501 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2024/02/12 8:15 a.m. · 12 views

CVE-2023-41708

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more...

5.4 CVSS · 5.6 AI score · 0.0041 EPSS
Exploits: 0 · References: 2
The Hacker News
added 2023/10/13 10:36 a.m. · 50 views

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened,...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2023/07/08 3:6 a.m. · 3 views

Malicious code in bernie-plugin-ads-loader-script (npm)

Source: ossf-package-analysis (83e103eb1b7d3a9fd0472fb99351cf0a76fe9da9bbfc65b0eb31f78cd762ce53). The OpenSSF Package Analysis project identified 'bernie-plugin-ads-loader-script' @ 1.0.0 (npm) as malicious. It is considered malicious because: ...

7.2 AI score
Exploits: 0
Gitee
added 2021/10/17 12:0 a.m. · 1 views

CrossC2-1

It is an offensive tool for macOS. The repository contains a CrossC2 framework fork, version 2.0, created by gloxec. The tool includes various modules for tasks such as file management, password gathering, keylogging, browser data dumping, and more. The framework uses a loader script that include...

7.2 AI score
Exploits: 0
Positive Technologies
added 2020/06/25 12:0 a.m. · 2 views

PT-2020-14419 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-el7-0.9.8.891 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the loader ajax.php...

10 CVSS · 9.7 AI score · 0.01432 EPSS
Exploits: 0 · References: 2