CVE-2026-40818

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40817 Unauthenticated SQLi in getAlarmProfiles function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32122

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40816 Unauthenticated SQLi in _mb24confi_getTagAlarm function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40815 Unauthenticated SQLi in _mb24api_getUserAccount function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24apigetUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40815

CVE-2026-40815 describes an unauthenticated SQL injection vulnerability in the _mb24api_getUserAccount function. The issue arises from improper neutralization of special elements in a SQL SELECT command, allowing an unauthenticated remote attacker to potentially obtain total loss of confidentiali...

CVE-2026-40813

CVE-2026-40813 describes an unauthenticated remote SQL Injection vulnerability in the getLiveValues function, specifically in the tagid parameter of a SQL SELECT command. The flaw arises from improper neutralization of special elements, allowing arbitrary SQL execution and resulting in total loss...

EUVD-2026-32112

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40812

CVE-2026-40812 describes an unauthenticated SQL injection in the getLiveValues function’s sn parameter due to improper neutralization of special elements in a SQL SELECT command. The vulnerability is exploitable remotely by an unauthenticated attacker and can result in total loss of confidentiali...

CVE-2026-40811 Unauthenticated SQLi in ssoabstractservice

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32111

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-9200

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...

CVE-2026-7618

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-9200 Query Shortcode <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion via 'lens' Shortcode Attribute

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...

CVE-2026-9200

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...

CVE-2026-9200 Query Shortcode <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion via 'lens' Shortcode Attribute

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...

CVE-2026-9200

CVE-2026-9200 affects the WordPress Query Shortcode plugin, vulnerable up to version 0.2.1. The vulnerability exists in the shortcode function, enabling Local File Inclusion. An authenticated attacker with contributor-level access or higher could include and execute arbitrary PHP files on the ser...

Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration

Summary The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reportsconfig permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

EUVD-2026-32026

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...