9 matches found

RedhatCVE
added 2026/06/05 7:14 p.m. | 6 views

CVE-2026-40832

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 7.1 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 1
NVD
added 2026/05/27 8:16 a.m. | 10 views

CVE-2026-40818

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 8.7 | EPSS 0.0032
Exploits: 0 | References: 1
CVE
added 2026/05/27 7:50 a.m. | 14 views

CVE-2026-40822

The connected records confirm CVE-2026-40822 describes an unauthenticated SQL Injection in the DevSerialReset function, caused by improper neutralization of special elements in a SQL SELECT command. This allows a high-privilege, remote attacker to access data and leads to total confidentiality lo...

CVSS 6.9 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/27 7:49 a.m. | 8 views

CVE-2026-40819 Unauthenticated SQLi in sync_data24 task

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 8.7 | AI score 5.9 | EPSS 0.0032
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/02 8:59 a.m. | 6 views

CVE-2026-33616

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 7.5 | AI score 6.1 | EPSS 0.00339
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/23 11:16 a.m. | 2 views

CVE-2026-32969 Pre-Auth Blind SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 7.5 | AI score 5.9 | EPSS 0.00443
Exploits: 0 | References: 2
exploitpack
added 2011/08/26 12:0 a.m. | 10 views

WordPress Plugin Photoracer 1.0 - SQL Injection

WordPress Plugin Photoracer 1.0 - SQL Injection Exploit Title: WordPress Photoracer plugin prefix."photoracer where imgid=$imgid"; $out = $wpdb-getrow$q1; --- PoC --- http://www.site.com/wp-content/plugins/photoracer/viewimg.php?id=-1 UNION SELECT 0,1,2,3,4,VERSION,6,7,8...

AI score 0.1
Exploits: 0
exploitpack
added 2007/05/12 12:0 a.m. | 13 views

iG Shop 1.4 - page.php SQL Injection

iG Shop 1.4 - page.php SQL Injection Discovered by: gsy & kerem125 Website: www.kerem125.com Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html exploit:/shop/page.php?pagetype=catalognavigate&typeid=-99%20union//select//password//from//users/...

AI score 0.2
Exploits: 0
securityvulns
added 2003/05/28 12:0 a.m. | 20 views

S21SEC-017 - Vignette /vgn/legacy/save SQL access

ID: S21SEC-017-en Title: Vignette /vgn/legacy/save SQL access Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Execution of SQL SELECT calls Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-017-en.txt Release: External S 2 1 S E C...

AI score 0.7
Exploits: 0