CVE-2026-40844

The CVE describes an unauthenticated SQL Injection in a dashboard view, exploitable by a low-privileged remote attacker via a malicious SQL SELECT without proper input neutralization. Root cause: improper neutralization of special elements in a SQL SELECT command. Impact: total loss of confidenti...

CVE-2026-40844 Authenticated SQLi in dashboard view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40844 Authenticated SQLi in dashboard view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40842

The CVE-2026-40842 entry describes an unauthenticated SQL Injection in the getWidgetTags function, exploitable by a low-privilege remote attacker. The vulnerability arises from improper neutralization of certain elements in a SQL SELECT command, leading to a total loss of confidentiality. Related...

CVE-2026-40842 Authenticated SQLi in getWidgetTags function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40841 Authenticated SQLi in getProjectTags function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40841

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40841 Authenticated SQLi in getProjectTags function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40841

The CVE-2026-40841 entry involves an unauthenticated SQL injection in the getProjectTags function, disclosed across multiple sources. Affected state: it is triggered by improper neutralization of SQL elements in a SELECT, enabling a low-privileged, remote attacker to access data and potentially c...

CVE-2026-40840 Authenticated SQLi in VerifyCreateLicences function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40840 Authenticated SQLi in VerifyCreateLicences function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40839 Authenticated SQLi in getComponentScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40839 Authenticated SQLi in getComponentScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40839

The CVE-2026-40839 entry describes a SQL Injection in the getComponentScalings function. An unauthenticated/low-privileged remote attacker can leverage improper neutralization of input in a SQL SELECT, potentially leading to total confidentiality loss. The vulnerability is noted with CVSS 3.1 bas...

CVE-2026-40838 Authenticated SQLi in getDeviceScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40838

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40837

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40836 Authenticated SQLi in inmessage model

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...

CVE-2026-40835 Authenticated SQLi in saveObjectFromData function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40835 Authenticated SQLi in saveObjectFromData function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...