Search
Search Results (8 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40812 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40817 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40821 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 4.9 Medium |
| A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40811 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-32968 | 3 Helmholz, Mb Connect Line, Mbconnectline | 4 Myrex24.virtual, Myrex24 V2, Mb Connect Line Mbconnect24 and 1 more | 2026-03-25 | 9.8 Critical |
| Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383. | ||||
| CVE-2026-32969 | 2 Helmholz, Mbconnectline | 4 Myrex24.virtual, Myrex24 V2, Mbconnect24 and 1 more | 2026-03-25 | 7.5 High |
| An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2024-45273 | 3 Helmholz, Mb Connect Line, Mbconnectline | 35 Myrex24.virtual, Myrex24 V2, Myrex24 V2 Virtual Server and 32 more | 2024-11-21 | 8.4 High |
| An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | ||||
| CVE-2024-45272 | 2 Helmholz, Mbconnectline | 25 Myrex24.virtual, Myrex24 V2, Myrex24 V2 Virtual Server and 22 more | 2024-11-21 | 7.5 High |
| An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. | ||||
Page 1 of 1.