Total
19296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-40833 | 2026-05-27 | N/A | 7.1 HIGH | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | |||||
| CVE-2026-40814 | 2026-05-27 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40825 | 2026-05-27 | N/A | 5.5 MEDIUM | ||
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | |||||
| CVE-2026-40841 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40831 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40832 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40843 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40828 | 2026-05-27 | N/A | 5.5 MEDIUM | ||
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | |||||
| CVE-2026-40826 | 2026-05-27 | N/A | 4.9 MEDIUM | ||
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40822 | 2026-05-27 | N/A | 4.9 MEDIUM | ||
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40830 | 2026-05-27 | N/A | 5.5 MEDIUM | ||
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | |||||
| CVE-2026-40816 | 2026-05-27 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40838 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40827 | 2026-05-27 | N/A | 5.5 MEDIUM | ||
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | |||||
| CVE-2026-40840 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40849 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40839 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40848 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40835 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||
| CVE-2026-40837 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |||||