|
4911
|
5.3 |
MEDIUM
Network
|
esri
|
arcgis_server
|
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the en…
|
CWE-287
Improper Authentication
|
CVE-2026-2812
|
2026-05-22 03:56 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4912
|
7.5 |
HIGH
Network
|
progress
|
moveit_automation
|
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befo…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-8487
|
2026-05-22 03:56 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4913
|
7.5 |
HIGH
Network
|
progress
|
moveit_automation
|
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befor…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8486
|
2026-05-22 03:54 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4914
|
4.1 |
MEDIUM
Network
|
esri
|
arcgis_server
|
ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitati…
|
CWE-601
Open Redirect
|
CVE-2026-2813
|
2026-05-22 03:54 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4915
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbou…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-48247
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4916
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTT…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-48246
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4917
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the sour…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-48245
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4918
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to th…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-48244
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4919
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can ext…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-48243
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4920
|
8.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code commi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-48242
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
