20 matches found

NVD
added 3 days ago · 6 views

CVE-2026-49347

Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 · EPSS 0.00042
Exploits 0 · References 2
CVE
added 3 days ago · 10 views

CVE-2026-49347

CVE-2026-49347 affects Quest Bot (Discord bot). Before v1.1.8, any user who can access the ticket panel could repeatedly create new ticket channels; the system did not enforce a per-user open-ticket limit or cooldown. The issue persists in that the latest release still creates a new database tick...

CVSS 5.3 · AI score 5.2 · EPSS 0.00042
Exploits 0 · References 2
Positive Technologies
added 3 days ago · 6 views

PT-2026-48862

Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 · AI score 5.2 · EPSS 0.00042
Exploits 0 · References 3
NVD
added 2026/05/21 6:16 p.m. · 8 views

CVE-2026-48243

Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can extract the key and use it to make third-party API calls billed to or rate-limited against the origin...

CVSS 6.9 · EPSS 0.00037
Exploits 0 · References 3
ATTACKERKB
added 2026/05/21 5:10 p.m. · 5 views

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

CVSS 7.1 · AI score 5.9 · EPSS 0.00027
Exploits 0 · References 4
CVE
added 2026/05/21 5:10 p.m. · 14 views

CVE-2026-48232

Open ISES Tickets prior to version 3.44.2 contains a SQL injection in ajax/fullsit_incidents.php where the offset parameter from GET is directly concatenated into the LIMIT clause without sanitization. Authenticated attackers can craft requests to alter query semantics, potentially reading, modif...

CVSS 7.1 · AI score 5.9 · EPSS 0.00027
Exploits 0 · References 3
Cvelist
added 2026/05/21 5:10 p.m. · 32 views

CVE-2026-48229 Open ISES Tickets < 3.44.2 Reflected XSS via routes_i.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into HTML form hidden input value attributes...

CVSS 5.4 · EPSS 0.00029
Exploits 0 · References 3
Vulnrichment
added 2026/05/21 3:51 p.m. · 6 views

CVE-2026-48213 Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id POST parameter directly into an HTML form input value attribute. Attackers can...

CVSS 5.4 · AI score 5.8 · EPSS 0.00029
Exploits 0 · References 3
Vulnrichment
added 2026/05/20 7:40 p.m. · 4 views

CVE-2026-35015 Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the_ticket GET parameter directly into a JavaScript variable assignment. Attacker...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits 0 · References 3
CVE
added 2026/05/20 7:40 p.m. · 10 views

CVE-2026-35015

Open ISES Tickets before 3.44.2 is vulnerable to a reflected XSS in do_unit_mail.php via the_ticket parameter. An authenticated attacker can inject arbitrary JavaScript by passing an unsanitized value into the_ticket, which is then inserted into a JavaScript variable assignment and executed when ...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits 0 · References 3
RedhatCVE
added 2025/12/23 11:35 a.m. · 2 views

CVE-2025-8460

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Notification rules, Open tickets module allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from...

CVSS 6.8 · AI score 5.4 · EPSS 0.00019
Exploits 0 · References 1
NVD
added 2025/12/22 11:15 a.m. · 4 views

CVE-2025-8460

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Notification rules, Open tickets module allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from...

CVSS 6.8 · EPSS 0.00019
Exploits 0 · References 2
Cvelist
added 2025/12/22 10:59 a.m. · 21 views

CVE-2025-12514 A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...

CVSS 7.2 · EPSS 0.00026
Exploits 0 · References 2
Vulnrichment
added 2025/12/22 10:59 a.m. · 3 views

CVE-2025-12514 A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...

CVSS 7.2 · AI score 7.4 · EPSS 0.00026
Exploits 0 · References 2
OSV
added 2025/12/22 10:59 a.m. · 2 views

CVE-2025-12514 A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...

CVSS 7.2 · AI score 7.7 · EPSS 0.00026
Exploits 0 · References 4
Positive Technologies
added 2025/12/22 12:0 a.m. · 2 views

PT-2025-52645

Name of the Vulnerable Software and Affected Versions: Centreon Infra Monitoring versions 23.10.0 through 23.10.4; Centreon Infra Monitoring versions 24.04.0 through 24.04.5; Centreon Infra Monitoring versions 24.10.0 through 24.10.5. Description: The software contains an Improper Neutralization of...

CVSS 6.8 · AI score 5.8 · EPSS 0.00019
Exploits 0 · References 5
CNNVD
added 2025/12/22 12:0 a.m. · 2 views

Centreon security vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.5, 24.04.0 through 24.04.5, and 23.10....

CVSS 6.8 · AI score 5.9 · EPSS 0.00019
Exploits 0 · References 2
Positive Technologies
added 2024/11/25 12:0 a.m. · 3 views

PT-2024-31752 · Centreon · Centreon-Open-Tickets

Name of the Vulnerable Software and Affected Versions: Centreon centreon-open-tickets versions 22.10.x through 22.10.1; Centreon centreon-open-tickets versions 23.04.x through 23.04.2; Centreon centreon-open-tickets versions 23.10.x through 23.10.0; Centreon centreon-open-tickets versions 24.04.x...

CVSS 7.2 · AI score 8.1 · EPSS 0.0009
Exploits 0 · References 4
Cvelist
added 2024/11/25 12:0 a.m. · 13 views

CVE-2024-45756

An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to authenticated users with...

EPSS 0.0009
Exploits 0 · References 2
CVE
added 2024/11/25 12:0 a.m. · 68 views

CVE-2024-45756

Centreon centreon-open-tickets is affected by a SQL injection in the form to create a ticket. Exploitation requires authenticated access with high privileges. Affected versions include 22.10.x–22.10.1, 23.04.x–23.04.2, 23.10.x–23.10.0, 24.04.x–24.04.1, and 24.10.x–24.09.x. Remediations per PT-202...

CVSS 7.2 · AI score 7.3 · EPSS 0.0009
Exploits 0 · References 2