Lucene search
K

350 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 7:57 a.m.8 views

CVE-2026-40839

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/05/27 7:56 a.m.21 views

CVE-2026-40838

CVE-2026-40838 involves an unauthenticated SQL injection in the getDeviceScalings function. An attacker with low privileges and remote access can exploit improper neutralization of special elements in a SQL SELECT command, leading to total confidentiality loss. The CVSS metrics indicate Network a...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:56 a.m.12 views

EUVD-2026-32137

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:56 a.m.9 views

CVE-2026-40838 Authenticated SQLi in getDeviceScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:56 a.m.13 views

EUVD-2026-32136

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:56 a.m.19 views

CVE-2026-40837

CVE-2026-40837 describes an unauthenticated SQL Injection in the getProjectScalings function, allowing a low-privileged remote attacker to compromise confidentiality. The root cause is improper neutralization of special elements within a SQL SELECT command, enabling arbitrary data exposure. The a...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:56 a.m.33 views

CVE-2026-40836 Authenticated SQLi in inmessage model

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...

7.1CVSS0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:56 a.m.14 views

EUVD-2026-32134

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:55 a.m.14 views

EUVD-2026-32132

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:54 a.m.20 views

CVE-2026-40832

CVE-2026-40832 describes an unauthenticated (per NVD) SQL injection in the getDevicegroups function caused by improper neutralization of inputs in a SQL SELECT, enabling a remote attacker to potentially exfiltrate data and cause total confidentiality loss. The CVSS metrics indicate NETWORK access...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:54 a.m.12 views

EUVD-2026-32161

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:54 a.m.9 views

CVE-2026-40831

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00324EPSS
Exploits0References2Affected Software4
EUVD
EUVD
added 2026/05/27 7:54 a.m.10 views

EUVD-2026-32160

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00324EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:54 a.m.8 views

CVE-2026-40830

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00295EPSS
Exploits0References2Affected Software4
EUVD
EUVD
added 2026/05/27 7:53 a.m.10 views

EUVD-2026-32157

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:53 a.m.10 views

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

7CVSS6AI score0.00295EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/05/27 7:53 a.m.20 views

CVE-2026-40827

CVE-2026-40827 describes an unauthenticated SQL Injection in the _RemoveRequest function. The vulnerability allows reading the entire database and deleting entries in a non-critical table due to improper neutralization of special elements in a SQL DELETE command. Reported impacts include total co...

7CVSS6AI score0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:52 a.m.13 views

EUVD-2026-32130

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvocontracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:52 a.m.8 views

CVE-2026-40825 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:52 a.m.22 views

CVE-2026-40825

CVE-2026-40825 describes an unauthenticated SQL Injection in the accountstatus view devices parameter. The vulnerability arises from improper neutralization of special elements in a SQL UPDATE command, enabling reading the entire database and altering values in a non-critical table. Reported impa...

7CVSS6AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder