CVE-2026-1449 | Hisense TransTech Smart Bus Management System up to 20260113 TireMng.aspx Page_Load key sql injection

A vulnerability was found in Hisense TransTech Smart Bus Management System up to 20260113. It has been declared as critical. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection.

This vulnerability is registered as CVE-2026-1449. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1449 | Hisense TransTech Smart Bus Management System up to 20260113 TireMng.aspx Page_Load key sql injection

Post correlati

CVE-2024-10866 | Export Import Menus Plugin up to 1.9.1 on WordPress authorization

CVE-2024-30230 | Acowebs PDF Invoices and Packing Slips for WooCommerce Plugin deserialization

CVE-2024-13137 | wangl1989 mysiteforme 1.0 SiteController RestResponse cross site scripting

CVE-2025-9801 | SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af filePath path traversal (Issue 959)