Lucene search
K

2902 matches found

Cvelist
Cvelist
added 2026/05/21 5:10 p.m.48 views

CVE-2026-48240 Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...

7.1CVSS0.00218EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:10 p.m.13 views

EUVD-2026-31322

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...

7.1CVSS5.9AI score0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 5:10 p.m.8 views

CVE-2026-48240 Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...

7.1CVSS5.9AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.21 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the POST parameters tickid and ftickid were directly concatenated into the...

7.1CVSS5.9AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42518

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick id and f tick id POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests...

7.1CVSS5.9AI score0.00218EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: workqueue: fixed a data race with the pwq-stats increment KCSAN has identified a data race in kernel/workqueue.c:2598: 1863.554079 ================================================================== 1863.554118 BUG: KCSAN: data-ra...

4.7CVSS6.5AI score0.00086EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: hinic: Avoid kernel hangs in hinicgetstats64 When using the hinic device as a bonding slave device and reading statistics from the master bonding device, the kernel may hang. The kernel panic call trace is as follows: Kernel...

5.5CVSS5.9AI score0.00153EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: mlxreg-fan Returns a non-zero value when the fan’s current state is enforced from sysfs. The minimum fan speed can be enforced from sysfs. For example, setting the current fan speed to 20 is used to ensure that the fan spe...

7.1CVSS6.2AI score0.00244EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Added an increment to the count field in struct tripstats, which represents the number of times the zone’s temperature exceeded the trip point. This increment must be performed in thermaldebugtztripup, for two...

5.5CVSS5.9AI score0.00227EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: Fix for statistics allocation. The controller per-cpu statistics is not allocated until after the controller has been registered with the driver core. This creates a window during which accessing the sysfs attributes may lea...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: The sig-statslock lock is used to gather statistics about threads/children. The locktasksighand function can cause a hard lockup. If NRCPUS threads call dotaskstat at the same time, and the process has...

5.5CVSS5.9AI score0.00213EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/irdma: Fixed a data race on CQP completion statistics. CQP completion statistics is locked when used in irdmawaitevent and irdmacheckcqpprogress. However, it can also be updated in the completion thread irdmascccqgetcqein...

5.9AI score0.00168EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath11k – Fixed a memory leak in the WMI firmware stats. The memory allocated for firmware pdev, vdev, and beacon statistics is not released during the rmmod process. This issue was fixed by calling the ath11kfwstatsfree...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: The issue related to GPF in bitmapgetstats has been fixed. The commit message for commit 6ec1f0239485 “md/md-bitmap: fix stats collection for external bitmaps” states: “Remove the external bitmap check, as statistic...

5.5CVSS6.1AI score0.00147EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: Broadcom – bcm4908enet: Updates TX statistics after actual transmission. Queuing packets does not guarantee their transmission. Updates TX statistics after the hardware confirms that it is consuming the submitted data. This...

5.8AI score0.00166EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Net: Bridge – Use DEVSTATSINC The syzbot/KCSAN reported a data race in the brhandleframefinish function 1. This function can be executed on multiple CPUs without mutual exclusion. It is recommended to use the SMP-safe DEVSTATSINC...

7CVSS6.1AI score0.0019EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the dmstats function, check for and propagate the allocpercpu failure. Check the return value of allocprecpu, and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL...

5.5CVSS6.2AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fixed memory corruption when using the identity domain. The function zpcigetiommuctrs returns counter information that needs to be reported as part of device statistics. These counters are stored as part of the...

7.8CVSS5.4AI score0.00134EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: BUG: NULL pointer dereference in the kernel, address: 0000000000000038 RIP efxnicupdatestats The function efxnetstats doctgetstats64 can be called during an ethtool self-test. During this period, nicdata-mcstats is NULL because t...

5.8AI score0.00215EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tcp: tcpmakesynack can be called from process context. tcprtxsynack can now be called from process context, as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack may call...

5.5CVSS6.4AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder