{"vulnerability": "cve-2026-4824", "sightings": [{"uuid": "54826cfa-bf67-4236-9a2c-bf258b9ff91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4824", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhwervgkyq2s", "content": "", "creation_timestamp": "2026-03-26T00:44:27.057218Z"}, {"uuid": "d5abccab-9cc4-4d95-9a31-ed05ea7a57e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48242", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116613867810424897", "content": "\ud83d\udea8 CRITICAL: CVE-2026-48242 in Open ISES Tickets <3.44.2 \u2014 Hardcoded MySQL creds in public code could enable unauthorized DB access. No patch yet. Rotate creds & review deployments immediately. https://radar.offseq.com/threat/cve-2026-48242-use-of-hard-coded-credentials-in-op-348559d8 #OffSeq #Vulnerability #InfoSec #CVE202648242", "creation_timestamp": "2026-05-21T18:00:11.988289Z"}, {"uuid": "3d225564-112b-471d-8e7c-63988f60f309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48248", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf53dd7lx2e", "content": "CVE-2026-48248 - Open ISES Tickets\nCVE ID : CVE-2026-48248\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (a...", "creation_timestamp": "2026-05-21T19:17:16.231353Z"}, {"uuid": "b4aa7cc8-2ab9-4b52-b628-744d09e1008f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf5nah2ou2o", "content": "CVE-2026-48249 - Open ISES Tickets\nCVE ID : CVE-2026-48249\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to...", "creation_timestamp": "2026-05-21T19:27:17.043341Z"}, {"uuid": "125c8cbe-36da-4afa-807a-00b9b60bfef0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48241", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116614222221100877", "content": "\ud83d\udea8 CRITICAL: Open ISES Tickets <3.44.2 has hardcoded MySQL creds in loader.php (CVE-2026-48241), exposing DBs to attack if reachable. Restrict file & DB access, rotate creds now. No official fix yet. https://radar.offseq.com/threat/cve-2026-48241-use-of-hard-coded-credentials-in-op-e794805b #OffSeq #Vulnerability #MySQL #AppSec", "creation_timestamp": "2026-05-21T19:30:19.741066Z"}, {"uuid": "9214bd0a-2d80-40c1-9d16-3df878756da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48241", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmf5spovok26", "content": "CRITICAL: Open ISES Tickets <3.44.2 leaks MySQL creds via loader.php. Restrict file & DB access, rotate passwords, and monitor for updates. No vendor fix yet. https://radar.offseq.com/threat/cve-2026-48241-use-of-hard-coded-credentials-in-op-e794805b #OffSeq #Vulnerability #Security", "creation_timestamp": "2026-05-21T19:30:21.647738Z"}, {"uuid": "a85a7742-1a99-4273-b8f8-133ec79e91b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48240", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf5w6wh5e2c", "content": "CVE-2026-48240 - Open ISES Tickets\nCVE ID : CVE-2026-48240\n \n Published : May 21, 2026, 5:10 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST paramet...", "creation_timestamp": "2026-05-21T19:32:17.651743Z"}, {"uuid": "aaac162f-78c0-48c5-a69e-ee66d34db07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48247", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf675fama2h", "content": "CVE-2026-48247 - Open ISES Tickets\nCVE ID : CVE-2026-48247\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to fals...", "creation_timestamp": "2026-05-21T19:37:17.771320Z"}, {"uuid": "51601410-8bf5-4e2c-8188-810dc1b95ae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf6i3tggj2c", "content": "CVE-2026-48249 - Open ISES Tickets\nCVE ID : CVE-2026-48249\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER t...", "creation_timestamp": "2026-05-21T19:42:18.463826Z"}, {"uuid": "2ead62de-155c-431b-90ad-a932c03e3441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48242", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmeyrke6ru2p", "content": "Open ISES Tickets <3.44.2 has CRITICAL vuln: hardcoded MySQL credentials in public code. No patch yet. Check & rotate DB creds if affected! https://radar.offseq.com/threat/cve-2026-48242-use-of-hard-coded-credentials-in-op-348559d8 #OffSeq #Vulnerability #DatabaseSecurity", "creation_timestamp": "2026-05-21T18:00:14.266544Z"}, {"uuid": "74993f5a-6f1a-4812-99cb-9f611d0b44ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48241", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf36gur7i2i", "content": "CVE-2026-48241 - Open ISES Tickets\nCVE ID : CVE-2026-48241\n \n Published : May 21, 2026, 5:10 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are co...", "creation_timestamp": "2026-05-21T18:43:13.008430Z"}, {"uuid": "39cbb2b7-50ae-4d42-9b66-625dd0fd42c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48242", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3aam72f2p", "content": "CVE-2026-48242 - Open ISES Tickets\nCVE ID : CVE-2026-48242\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in imp...", "creation_timestamp": "2026-05-21T18:44:13.607913Z"}, {"uuid": "122c9239-4002-44c5-9f88-5aaca6e12417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48248", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3d3ehj52e", "content": "CVE-2026-48248 - Open ISES Tickets\nCVE ID : CVE-2026-48248\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (an...", "creation_timestamp": "2026-05-21T18:45:48.801033Z"}, {"uuid": "db100561-56da-453d-a50a-f68b552c2cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48245", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3g33ygt2k", "content": "CVE-2026-48245 - Open ISES Tickets\nCVE ID : CVE-2026-48245\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. Th...", "creation_timestamp": "2026-05-21T18:47:28.989210Z"}, {"uuid": "e8d38978-c85a-460c-9028-02b0ce361425", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48247", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3jagyq62q", "content": "CVE-2026-48247 - Open ISES Tickets\nCVE ID : CVE-2026-48247\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false...", "creation_timestamp": "2026-05-21T18:49:15.389002Z"}, {"uuid": "d8c2ecbf-3de0-495f-8330-488bcdf96844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48242", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3mmc3p22v", "content": "CVE-2026-48242 - Open ISES Tickets\nCVE ID : CVE-2026-48242\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in impo...", "creation_timestamp": "2026-05-21T18:51:08.505137Z"}, {"uuid": "4d76540e-fd3a-4c09-a83d-8d34d1073b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48241", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3q7edop2o", "content": "CVE-2026-48241 - Open ISES Tickets\nCVE ID : CVE-2026-48241\n \n Published : May 21, 2026, 5:10 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are c...", "creation_timestamp": "2026-05-21T18:53:09.144184Z"}, {"uuid": "d6c6a078-0db7-4621-a004-0b1ae9d9f4c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48243", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3u2gu672i", "content": "CVE-2026-48243 - Open ISES Tickets\nCVE ID : CVE-2026-48243\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repo...", "creation_timestamp": "2026-05-21T18:55:18.283951Z"}, {"uuid": "8fc9953c-c6c7-4761-af0a-5aed57694825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48244", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3y6tqux2e", "content": "CVE-2026-48244 - Open ISES Tickets\nCVE ID : CVE-2026-48244\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source reposito...", "creation_timestamp": "2026-05-21T18:57:36.945583Z"}, {"uuid": "44c04206-b846-4081-b986-0a87fc233604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48246", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf44ohpdc2v", "content": "CVE-2026-48246 - Open ISES Tickets\nCVE ID : CVE-2026-48246\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and ...", "creation_timestamp": "2026-05-21T19:00:07.754085Z"}, {"uuid": "2d95b7c2-b126-44d6-93d6-11abec6f891c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48241", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmf44uglag2k", "content": "\ud83d\udfe0 CVE-2026-48241 - High (8.1)\n\nOpen ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a pu...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48241/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-21T19:00:14.861603Z"}, {"uuid": "dd1d21b4-ccc4-4083-a696-dfffe6879a3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48242", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmf454oiwc2w", "content": "\ud83d\udfe0 CVE-2026-48242 - High (8.1)\n\nOpen ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, u...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48242/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-21T19:00:23.956890Z"}, {"uuid": "66972189-2683-4716-9c23-a7d3203974ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48246", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf4blasqq2n", "content": "CVE-2026-48246 - Open ISES Tickets\nCVE ID : CVE-2026-48246\n \n Published : May 21, 2026, 5:11 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and...", "creation_timestamp": "2026-05-21T19:02:52.044654Z"}]}