CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

80325 matches found

CVE•added 2026/05/27 7:53 a.m.•6 views

CVE-2026-40827

CVE-2026-40827 describes an unauthenticated SQL Injection in the _RemoveRequest function. The vulnerability allows reading the entire database and deleting entries in a non-critical table due to improper neutralization of special elements in a SQL DELETE command. Reported impacts include total co...

7CVSS6AI score0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:53 a.m.•3 views

CVE-2026-40827 Authenticated SQLi in _RemoveRequest function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

7CVSS6AI score0.00043EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 7:53 a.m.•6 views

CVE-2026-40827

7CVSS6AI score0.00043EPSS

Exploits0References2Affected Software4

Cvelist•added 2026/05/27 7:53 a.m.•23 views

CVE-2026-40827 Authenticated SQLi in _RemoveRequest function

7CVSS0.00043EPSS

Exploits0References1

EUVD•added 2026/05/27 7:52 a.m.•6 views

EUVD-2026-32129

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00043EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:52 a.m.•26 views

CVE-2026-40825 Authenticated SQLi in accountstatus view

7CVSS0.00043EPSS

Exploits0References1

CVE•added 2026/05/27 7:52 a.m.•10 views

CVE-2026-40825

CVE-2026-40825 describes an unauthenticated SQL Injection in the accountstatus view devices parameter. The vulnerability arises from improper neutralization of special elements in a SQL UPDATE command, enabling reading the entire database and altering values in a non-critical table. Reported impa...

7CVSS6AI score0.00043EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:50 a.m.•25 views

CVE-2026-40824 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS0.00043EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 7:50 a.m.•5 views

CVE-2026-40824

7CVSS6AI score0.00043EPSS

Exploits0References2Affected Software4

EUVD•added 2026/05/27 7:50 a.m.•10 views

EUVD-2026-32128

7CVSS6AI score0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:50 a.m.•5 views

CVE-2026-40824 Authenticated SQLi in accountstatus view

7CVSS6AI score0.00043EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:50 a.m.•25 views

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:50 a.m.•3 views

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

7CVSS6AI score0.00043EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 7:50 a.m.•7 views

CVE-2026-40823

7CVSS6AI score0.00043EPSS

Exploits0References2Affected Software4

Cvelist•added 2026/05/27 7:48 a.m.•22 views

CVE-2026-40818 Unauthenticated SQLi in _mb24confi_getDevice function function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.00064EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 7:48 a.m.•3 views

CVE-2026-40816

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.00064EPSS

Exploits0References2Affected Software4

EUVD•added 2026/05/27 7:47 a.m.•5 views

EUVD-2026-32120

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24apigetUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.00064EPSS

Exploits0References1

CVE•added 2026/05/27 7:47 a.m.•6 views

CVE-2026-40815

CVE-2026-40815 describes an unauthenticated SQL injection vulnerability in the _mb24api_getUserAccount function. The issue arises from improper neutralization of special elements in a SQL SELECT command, allowing an unauthenticated remote attacker to potentially obtain total loss of confidentiali...

8.7CVSS5.9AI score0.00064EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 7:47 a.m.•3 views

CVE-2026-40815

8.7CVSS5.9AI score0.00064EPSS

Exploits0References2Affected Software4

ATTACKERKB•added 2026/05/27 7:47 a.m.•4 views

CVE-2026-40814

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.00064EPSS

Exploits0References2Affected Software4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by