CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in search.php. It allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_query POST parameter directly into an HTML input field VALUE attribute.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php. It allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the_ticket GET parameter directly into a JavaScript variable assignment.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php. It allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php. It allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php. It allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php. It allows authenticated attackers to inject arbitrary JavaScript via an unsanitized frm_call GET parameter that is directly output to the page.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php. It allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a JavaScript variable assignment.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php. It allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in single.php. An authenticated attacker can inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into an HTML attribute.
Open ISES Tickets before version 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php. An authenticated attacker can inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute.
A flaw was found in Keycloak where the cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, allowing a second upstream account on the same IdP to consume it and get linked to the victim's local account.
A vulnerability in SSL certificate handling of Cisco ThousandEyes Virtual Appliance allows an authenticated remote attacker to execute code as root on the underlying OS. The issue is due to insufficient input validation.
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, allowing JavaScript to be executed by the victim's browser, enabling the attacker to control the browser.
A vulnerability in Unbound DNS server up to version 1.25.0 allows an attacker to perform a DoS attack by querying for records with very large RRsets that do not share a suffix above the root. Unbound may lock the CPU during name compression for such responses, leading to performance degradation and denial of service.
In Unbound up to version 1.25.0 inclusive, a vulnerability in the jostle logic can degrade resolution performance. Retransmitted queries renew the age of slow queries, preventing their replacement with new ones. An adversary querying a vulnerable Unbound and controlling a slow/malicious DNS server can exploit this to degrade performance.
A vulnerability in rsync 3.4.2 and earlier allows a malicious server to intentionally trigger a SIGSEGV crash in the rsync client. The issue is in recv_files() in receiver.c, where an out-of-bounds array read leads to dereferencing an invalid pointer.
A vulnerability in rsync 3.4.2 and earlier allows local attacks via symlink race conditions. An attacker can swap symlinks in the timing window between path resolution and syscall execution, enabling operations on files outside the exported rsync module.
A vulnerability in rsync 3.4.2 and prior allows bypassing hostname-based access control in the rsync daemon when chroot is configured. Attackers can control the PTR record of their source IP to connect from a hostname that administrators intended to deny when reverse DNS fails and defaults to UNKNOWN.
In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_team/conn"`) to the same path as another team's team-scoped secret when the caller had no team context. A privileged caller without team context could therefore retrieve another team's secret by crafting a colliding `conn_id`.
Discourse to otwartoźródłowa platforma dyskusyjna. W wersjach przed 2026.1.4, 2026.3.1, 2026.4.1 i 2026.5.0-latest.1, występowała podatność w wtyczce discourse-subscriptions, która pozwalała użytkownikom uzyskać dostęp do grup objętych subskrypcją bez dokonania płatności. Problem został naprawiony w wymienionych wersjach.

