CVE-2026-40830

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

EUVD-2026-32158

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

CVE-2026-40827

CVE-2026-40827 describes an unauthenticated SQL Injection in the _RemoveRequest function. The vulnerability allows reading the entire database and deleting entries in a non-critical table due to improper neutralization of special elements in a SQL DELETE command. Reported impacts include total co...

CVE-2026-40827 Authenticated SQLi in _RemoveRequest function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

CVE-2026-40821 Authenticated SQLi in getAccountByID function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40818 Unauthenticated SQLi in _mb24confi_getDevice function function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32122

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40816

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40816 Unauthenticated SQLi in _mb24confi_getTagAlarm function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32120

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24apigetUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40815

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24apigetUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40814

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32119

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40814

CVE-2026-40814 describes an unauthenticated SQL Injection in the dataapi.php files, specifically the _mb24confi_getTagAlarm function, caused by improper neutralization of special elements in a SQL SELECT command. This vulnerability can lead to total confidentiality loss. CVSS information indicate...

CVE-2026-40814 Unauthenticated SQLi in _mb24confi_getTagAlarm function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40813

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40812

CVE-2026-40812 describes an unauthenticated SQL injection in the getLiveValues function’s sn parameter due to improper neutralization of special elements in a SQL SELECT command. The vulnerability is exploitable remotely by an unauthenticated attacker and can result in total loss of confidentiali...

CVE-2026-40812 Unauthenticated SQLi in getLiveValues function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...