NVD HIGH: CVE-2026-48241 — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in...

Thursday, May 21, 2026 at 06:16 PM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 06:00 PM UTC

Executive Summary

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-48241

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 21, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

CISA flags two-year-old Oracle flaw as actively exploited in attacks

CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]

33m agoBleepingComputer

CRITICALVulnerabilityNEW

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches

A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek .

48m agoSecurityWeek

MEDIUMVulnerabilityNEW

Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked

Jason Koebler reports: Hackers say that they used Meta’s AI support chatbot to break into a host of high-profile Instagram profiles by asking the support bot to change the email address associated with the target account. The claims coincide with a series of high-profile Instagram account takeovers, including the Barack Obama White House account, the Chief Master... Source

49m agoDataBreaches.net