Lucene search
K

353 matches found

CVE
CVE
added 2026/05/27 7:52 a.m.22 views

CVE-2026-40825

CVE-2026-40825 describes an unauthenticated SQL Injection in the accountstatus view devices parameter. The vulnerability arises from improper neutralization of special elements in a SQL UPDATE command, enabling reading the entire database and altering values in a non-critical table. Reported impa...

7CVSS6AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:52 a.m.8 views

CVE-2026-40825 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:50 a.m.15 views

EUVD-2026-32128

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:50 a.m.37 views

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:50 a.m.7 views

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS6AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:49 a.m.79 views

CVE-2026-40821 Authenticated SQLi in getAccountByID function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

6.9CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:48 a.m.9 views

CVE-2026-40817 Unauthenticated SQLi in getAlarmProfiles function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:48 a.m.19 views

CVE-2026-40817

CVE-2026-40817: An unauthenticated remote attacker can exploit an SQL injection in the getAlarmProfiles function due to improper neutralization in a SQL SELECT, causing a total loss of confidentiality. Affected data/impact are described as high severity (CVSS 3.1 base 7.5, HIGH; CVSS 4.0 base 8.7...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:47 a.m.26 views

CVE-2026-40814

CVE-2026-40814 describes an unauthenticated SQL Injection in the dataapi.php files, specifically the _mb24confi_getTagAlarm function, caused by improper neutralization of special elements in a SQL SELECT command. This vulnerability can lead to total confidentiality loss. CVSS information indicate...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:45 a.m.12 views

EUVD-2026-32115

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notifyccss and /wp-json/litespeed/v1/notifyucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback notificatio...

7.2CVSS5.8AI score0.00359EPSS
Exploits0References8
CVE
CVE
added 2026/05/27 7:44 a.m.34 views

CVE-2026-40811

CVE-2026-40811 describes an unauthenticated SQL Injection in the ssoabstractservice caused by improper neutralization of special elements in a SQL SELECT command. The vulnerability allows remote attackers to achieve total confidentiality loss without authentication. CVSS metrics indicate high sev...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.10 views

PT-2026-43564

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43610

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43596

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43565

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43605

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/25 2:15 p.m.13 views

EUVD-2018-21895

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00305EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.17 views

PT-2026-43224

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00305EPSS
Exploits0References3
Rows per page
Query Builder