CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

PT-2026-43594

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

Observium cross-site scripting vulnerability (CNVD-2020-62446)

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject and store malicious JavaScript code via...

CVE-2020-25139

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...