216144 matches found
CVE-2026-40835
CVE-2026-40835 describes an unauthenticated SQL Injection in the saveObjectFromData function, exploitable by a low-privileged remote attacker. Root cause: improper neutralization of special elements in a SQL SELECT command. Impact: total confidentiality loss. Documents from NVD and CVE lists conf...
CVE-2026-40834
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
EUVD-2026-32133
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40834
CVE-2026-40834 describes an unauthenticated SQL injection in the saveDashboardLayout function of dash_layout.php. A low-privileged remote attacker can trigger the vulnerability over the network to read the entire database and insert entries into a non-critical table, resulting in total loss of co...
CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40833
CVE-2026-40833 describes an unauthenticated SQL Injection in the saveDashboardLayout function of dash.php, allowing a low-privileged, remote attacker to read the entire database and insert data into a non-critical table. The issue arises from improper neutralization of user-supplied elements in a...
CVE-2026-8054 Unauthenticated SQL Injection in dotCMS Publish Audit API
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...
CVE-2026-8054
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...
CVE-2026-8054
dotCMS Core versions 25.11.04-1 to 26.04.28-02 contain an SQL injection in the Publish Audit API (/api/auditPublishing/get and /api/auditPublishing/getAll). The endpoints did not require authentication and used unsanitized input in dynamically constructed SQL, allowing remote unauthenticated atta...
CVE-2026-40832 Authenticated SQLi in getDevicegroups function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40832
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40831 Authenticated SQLi in Easy View
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40831
CVE-2026-40831 affects Easy View and describes an unauthenticated SQL injection due to improper neutralization of special elements in a SQL SELECT command. A low-privilege remote attacker can exploit this to achieve total confidentiality loss. The connected sources confirm the vulnerability langu...
EUVD-2026-32159
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
CVE-2026-40829 Authenticated SQLi in UpdateParam function
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
CVE-2026-40829
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
EUVD-2026-32158
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
CVE-2026-40829 Authenticated SQLi in UpdateParam function
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...