CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL credentials (host, username, password, database) in import_mdb.php, embedded in public repository source code. This exposure allows readers to obtain valid configuration values that may match deployed installations. The issue is documented ...

CVE-2026-48242 Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

CVE-2026-48241 Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from hardcoding MySQL database credentials in the loader.php file and submittin...

EUVD-2001-1025

Malware in sbrugna...

EUVD-2018-3444

Malware in sbrugna...

EUVD-2003-1373

Malware in sbrugna...

EUVD-2006-1214

Malware in sbrugna...

EUVD-2014-8444

Malware in sbrugna...

EUVD-2006-6237

Malware in sbrugna...

EUVD-2019-8563

Malware in sbrugna...

EUVD-2002-1462

Malware in sbrugna...

EUVD-2001-0972

Malware in sbrugna...

EUVD-2024-46484

Malicious code in bioql PyPI...

CVE-2024-22901

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...

CVE-2019-18868

Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak...

CVE-2011-4898

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a...

CVE-2015-2179

The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments...

GHSA-3QC3-MX6X-267H Insecure default config access in WriteFreely

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...

CVE-2025-24337

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...