93276 matches found

Positive Technologies
added 2026/05/21 12:0 a.m., 10 views

PT-2026-42502

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

5.4 CVSS, 5.8 AI score, 0.00259 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/05/21 12:0 a.m., 9 views

tickets cross-site scripting vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the ticketid GET parameter in routesi.php, allowing uncleaned values t...

5.4 CVSS, 5.7 AI score, 0.00169 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/21 12:0 a.m., 9 views

PT-2026-42515

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm ticket id and frm resp id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics...

7.1 CVSS, 5.9 AI score, 0.00214 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/05/21 12:0 a.m., 16 views

PT-2026-42497

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

5.4 CVSS, 5.8 AI score, 0.00212 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/21 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-46638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: {% sandbox %}{% include %} skips checkSecurity on cached templates (incomplete fix for CVE-2024-45411) (CVE-2026-46638) Note that Nessus relies on the presence of...

8.6 CVSS, 7.3 AI score, 0.00826 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/05/21 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46627 Note that Nessus relies on the presence of the package as reported by the vendo...

5.8 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2026/05/21 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-46634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: template_from_string escapes a SourcePolicy-driven sandbox via synthesized template name (CVE-2026-46634) Note that Nessus relies on the presence of the packa...

5.8 AI score, 0.00031 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/21 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46637 Note that Nessus relies on the presence of the package as reported by the vendo...

5.8 AI score, 0.0006 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/05/21 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: Sandbox property allowlist bypass via the column filter (array_column) on objects (CVE-2026-46635) Note that Nessus relies on the presence of the package as...

5.8 AI score, 0.00047 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/05/21 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-46640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: Arbitrary PHP code execution via self. macro-reference compilation CVE-2026-46640 Note that Nessus relies on the presence of the package as reported by th...

6.2 AI score, 0.00056 EPSS
Exploits: 0, References: 2

NVD
added 2026/05/20 8:16 p.m., 17 views

CVE-2026-35008

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...

5.1 CVSS, 0.00221 EPSS
Exploits: 0, References: 3

EUVD
added 2026/05/20 7:51 p.m., 8 views

EUVD-2026-31190

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract($params, EXTR_OVERWRITE) before the require statement that loads the view file. As a result, a...

7.4 CVSS, 5.7 AI score, 0.00442 EPSS
Exploits: 0, References: 2

Wolfi
added 2026/05/20 7:48 p.m., 15 views

CVE-2026-7568 vulnerabilities

Vulnerabilities for packages: php...

7.5 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits: 0

Wolfi
added 2026/05/20 7:48 p.m., 12 views

CVE-2026-7259 vulnerabilities

Vulnerabilities for packages: php...

6.5 CVSS, 5.8 AI score, 0.00202 EPSS
Exploits: 0

Wolfi
added 2026/05/20 7:48 p.m., 12 views

CVE-2026-6735 vulnerabilities

Vulnerabilities for packages: php...

8.8 CVSS, 5.8 AI score, 0.0021 EPSS
Exploits: 1

Wolfi
added 2026/05/20 7:48 p.m., 13 views

CVE-2026-7262 vulnerabilities

Vulnerabilities for packages: php...

7.5 CVSS, 5.8 AI score, 0.0045 EPSS
Exploits: 0

Wolfi
added 2026/05/20 7:48 p.m., 16 views

CVE-2026-7261 vulnerabilities

Vulnerabilities for packages: php...

9.8 CVSS, 5.8 AI score, 0.00302 EPSS
Exploits: 0

Wolfi
added 2026/05/20 7:48 p.m., 10 views

CVE-2026-7258 vulnerabilities

Vulnerabilities for packages: php...

7.5 CVSS, 5.8 AI score, 0.00337 EPSS
Exploits: 0

Wolfi
added 2026/05/20 7:48 p.m., 12 views

CVE-2026-6722 vulnerabilities

Vulnerabilities for packages: php...

9.8 CVSS, 5.8 AI score, 0.00505 EPSS
Exploits: 0

Wolfi
added 2026/05/20 7:48 p.m., 9 views

CVE-2025-14179 vulnerabilities

Vulnerabilities for packages: php...

9.8 CVSS, 5.8 AI score, 0.00261 EPSS
Exploits: 0