233020 matches found
CVE-2026-40841 Authenticated SQLi in getProjectTags function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40841 Authenticated SQLi in getProjectTags function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40841
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40841
The CVE-2026-40841 entry involves an unauthenticated SQL injection in the getProjectTags function, disclosed across multiple sources. Affected state: it is triggered by improper neutralization of SQL elements in a SELECT, enabling a low-privileged, remote attacker to access data and potentially c...
CVE-2026-40840 Authenticated SQLi in VerifyCreateLicences function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40840 Authenticated SQLi in VerifyCreateLicences function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40839 Authenticated SQLi in getComponentScalings function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40839
The CVE-2026-40839 entry describes a SQL Injection in the getComponentScalings function. An unauthenticated/low-privileged remote attacker can leverage improper neutralization of input in a SQL SELECT, potentially leading to total confidentiality loss. The vulnerability is noted with CVSS 3.1 bas...
CVE-2026-40839 Authenticated SQLi in getComponentScalings function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40838 Authenticated SQLi in getDeviceScalings function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40838
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40837
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40836 Authenticated SQLi in inmessage model
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...
CVE-2026-40835
CVE-2026-40835 describes an unauthenticated SQL Injection in the saveObjectFromData function, exploitable by a low-privileged remote attacker. Root cause: improper neutralization of special elements in a SQL SELECT command. Impact: total confidentiality loss. Documents from NVD and CVE lists conf...
CVE-2026-40835 Authenticated SQLi in saveObjectFromData function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40835
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40835 Authenticated SQLi in saveObjectFromData function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
EUVD-2026-32133
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40834
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40834
CVE-2026-40834 describes an unauthenticated SQL injection in the saveDashboardLayout function of dash_layout.php. A low-privileged remote attacker can trigger the vulnerability over the network to read the entire database and insert entries into a non-critical table, resulting in total loss of co...