CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-48238
7.1 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a …

May 21, 2026
CVE-2026-48237
7.1 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of …

May 21, 2026
CVE-2026-48236
7.1 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli …

May 21, 2026
CVE-2026-48235
8.2 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS …

May 21, 2026
CVE-2026-48234
7.1 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY …

May 21, 2026
CVE-2026-48233
7.1 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a …

May 21, 2026
CVE-2026-48232
7.1 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a …

May 21, 2026
CVE-2026-48231
7.1 HIGH

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers …

May 21, 2026
CVE-2026-48230
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48229
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48228
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48227
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48226
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48225
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48224
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48223
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48222
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48221
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48220
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48219
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48218
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48217
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48216
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48215
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48214
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-39593
6.5 MEDIUM

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10.

May 21, 2026
CVE-2026-48213
5.4 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 21, 2026
CVE-2026-48207
9.8 CRITICAL

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is …

May 21, 2026
CVE-2026-9089
8.8 HIGH

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate …

May 21, 2026
CVE-2026-39531
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This …

May 21, 2026
CVE-2026-36189
6.2 MEDIUM

Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the …

May 21, 2026
CVE-2026-1816
6.3 MEDIUM

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 …

May 21, 2026
CVE-2026-1815
5.7 MEDIUM

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13.

May 21, 2026
CVE-2026-45208
7.8 HIGH

A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must …

May 21, 2026
CVE-2026-45207
7.8 HIGH

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 …

May 21, 2026
CVE-2026-45206
7.8 HIGH

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 …

May 21, 2026
CVE-2026-34930
7.8 HIGH

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 …

May 21, 2026
CVE-2026-34929
7.8 HIGH

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 …

May 21, 2026
CVE-2026-34928
7.8 HIGH

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 …

May 21, 2026
CVE-2026-34927
7.8 HIGH

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must …

May 21, 2026
CVE-2026-34926
6.7 MEDIUM KEV

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to …

May 21, 2026
CVE-2026-2740
8.4 HIGH

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the …

May 21, 2026
CVE-2025-71217
7.8 HIGH

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected …

May 21, 2026
CVE-2025-71216
7.8 HIGH

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. …

May 21, 2026
CVE-2025-71215
7.0 HIGH

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on …

May 21, 2026
CVE-2025-71214
7.8 HIGH

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected …

May 21, 2026
CVE-2025-71213
7.8 HIGH

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker …

May 21, 2026
CVE-2025-71212
7.8 HIGH

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: …

May 21, 2026
CVE-2025-71211
9.8 CRITICAL

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. …

May 21, 2026
CVE-2025-71210
9.8 CRITICAL

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. …

May 21, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.