Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40830

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS5.8AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.23 views

CVE-2026-40834

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.20 views

CVE-2026-40833

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:55 a.m.31 views

CVE-2026-40834 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:53 a.m.11 views

CVE-2026-40828

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00295EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/05/27 7:52 a.m.21 views

CVE-2026-40825

CVE-2026-40825 describes an unauthenticated SQL Injection in the accountstatus view devices parameter. The vulnerability arises from improper neutralization of special elements in a SQL UPDATE command, enabling reading the entire database and altering values in a non-critical table. Reported impa...

7CVSS6AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:50 a.m.17 views

CVE-2026-40824

CVE-2026-40824 describes an unauthenticated SQL Injection in the accountstatus view userid parameter. An attacker with network access can exploit improper neutralization of special elements in a SQL UPDATE, enabling reading of the entire database and modification of values in a non-critical table...

7CVSS6AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:50 a.m.12 views

CVE-2026-40823

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS6AI score0.00239EPSS
Exploits0References2Affected Software4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43600

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a no...

7.1CVSS6AI score0.00223EPSS
Exploits0References2
Rows per page
Query Builder