Filtered by vendor Helmholz
Subscriptions
Filtered by product Myrex24v2
Subscriptions
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40818 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40821 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 4.9 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40823 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 5.5 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40824 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 5.5 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40825 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 5.5 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40846 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40826 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 4.9 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40829 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 5.5 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40830 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 5.5 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40831 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40833 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.1 High |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40835 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40836 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.1 High |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40837 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40838 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40839 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40841 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40842 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40847 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40850 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||