Approved changes feed: RSS · Atom
cpe:2.3:a:helmholz:myrex24v2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Helmholz (464ff5a7-c87f-5dc1-9bca-f7c898c0bb50) |
|---|---|
| Product | Myrex24V2 (50e67088-ab2a-5b3c-8bab-3acf315aeda5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-40850 |
vulnerable | 2026-06-03 15:23:35.058342 |
Unauthenticated SQLi in getAccountData function
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T08:00:01.201Z
Updated: 2026-05-27T11:54:47.362Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40849 |
vulnerable | 2026-06-03 15:23:35.057405 |
Authenticated SQLi in user_alarmprofile view
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:59:44.789Z
Updated: 2026-05-27T11:55:01.629Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40848 |
vulnerable | 2026-06-03 15:23:35.056774 |
Authenticated SQLi in tag view
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:59:29.242Z
Updated: 2026-05-27T11:55:15.389Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40847 |
vulnerable | 2026-06-03 15:23:35.056091 |
Authenticated SQLi in system_tag view
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:59:14.019Z
Updated: 2026-05-27T11:55:30.441Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40846 |
vulnerable | 2026-06-03 15:23:35.055546 |
Authenticated SQLi in system view
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:58:59.970Z
Updated: 2026-05-27T11:55:44.364Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40845 |
vulnerable | 2026-06-03 15:23:35.054556 |
Authenticated SQLi in devices_configuration view
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:58:44.537Z
Updated: 2026-05-27T11:55:57.887Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40844 |
vulnerable | 2026-06-03 15:23:35.053790 |
Authenticated SQLi in dashboard view
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:58:25.864Z
Updated: 2026-05-27T11:56:11.299Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40843 |
vulnerable | 2026-06-03 15:23:35.053090 |
Authenticated SQLi in alarming view
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:58:05.399Z
Updated: 2026-05-27T11:56:24.845Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40842 |
vulnerable | 2026-06-03 15:23:35.052227 |
Authenticated SQLi in getWidgetTags function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:57:52.556Z
Updated: 2026-05-27T11:56:38.229Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40841 |
vulnerable | 2026-06-03 15:23:35.051448 |
Authenticated SQLi in getProjectTags function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:57:38.881Z
Updated: 2026-05-27T11:56:52.262Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40840 |
vulnerable | 2026-06-03 15:23:35.050686 |
Authenticated SQLi in VerifyCreateLicences function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:57:21.811Z
Updated: 2026-05-27T11:57:07.786Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40839 |
vulnerable | 2026-06-03 15:23:35.049821 |
Authenticated SQLi in getComponentScalings function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:57:07.966Z
Updated: 2026-05-27T11:57:21.263Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40838 |
vulnerable | 2026-06-03 15:23:35.049158 |
Authenticated SQLi in getDeviceScalings function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:56:51.479Z
Updated: 2026-05-27T11:57:35.412Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40837 |
vulnerable | 2026-06-03 15:23:35.048550 |
Authenticated SQLi in getProjectScalings function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:56:35.787Z
Updated: 2026-05-27T11:57:49.553Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40836 |
vulnerable | 2026-06-03 15:23:35.047777 |
Authenticated SQLi in inmessage model
HIGH (7.1)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:56:21.298Z
Updated: 2026-05-27T11:58:03.081Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40835 |
vulnerable | 2026-06-03 15:23:35.046886 |
Authenticated SQLi in saveObjectFromData function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:56:00.875Z
Updated: 2026-05-27T11:58:17.099Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40834 |
vulnerable | 2026-06-03 15:23:35.045905 |
Authenticated SQLi in saveDashboardLayout function
HIGH (7.1)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:55:44.947Z
Updated: 2026-05-27T11:58:31.072Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40833 |
vulnerable | 2026-06-03 15:23:35.044809 |
Authenticated SQLi in saveDashboardLayout function
HIGH (7.1)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:55:27.834Z
Updated: 2026-05-27T11:58:44.521Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40832 |
vulnerable | 2026-06-03 15:23:35.044181 |
Authenticated SQLi in getDevicegroups function
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:54:53.931Z
Updated: 2026-05-27T11:58:58.588Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40831 |
vulnerable | 2026-06-03 15:23:35.043681 |
Authenticated SQLi in Easy View
MEDIUM (6.5)
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:54:35.826Z
Updated: 2026-05-27T11:59:12.569Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40830 |
vulnerable | 2026-06-03 15:23:35.042906 |
Authenticated SQLi in UpdateParam function
MEDIUM (5.5)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:54:13.439Z
Updated: 2026-05-27T11:59:26.164Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40829 |
vulnerable | 2026-06-03 15:23:35.042060 |
Authenticated SQLi in UpdateParam function
MEDIUM (5.5)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:53:55.370Z
Updated: 2026-05-27T11:59:40.342Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40828 |
vulnerable | 2026-06-03 15:23:35.041184 |
Authenticated SQLi in DeleteSysLogEntry function
MEDIUM (5.5)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:53:34.558Z
Updated: 2026-05-27T11:59:53.882Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40827 |
vulnerable | 2026-06-03 15:23:35.040480 |
Authenticated SQLi in _RemoveRequest function
MEDIUM (5.5)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:53:12.337Z
Updated: 2026-05-27T12:00:10.336Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40826 |
vulnerable | 2026-06-03 15:23:35.039416 |
Authenticated SQLi in dsgvo_contracts view
MEDIUM (4.9)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:52:45.810Z
Updated: 2026-05-27T12:00:23.838Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40825 |
vulnerable | 2026-06-03 15:23:35.038774 |
Authenticated SQLi in accountstatus view
MEDIUM (5.5)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:52:21.665Z
Updated: 2026-05-27T12:00:37.390Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40824 |
vulnerable | 2026-06-03 15:23:35.038024 |
Authenticated SQLi in accountstatus view
MEDIUM (5.5)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:50:56.041Z
Updated: 2026-05-27T12:00:51.291Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40823 |
vulnerable | 2026-06-03 15:23:35.036984 |
Authenticated SQLi in DevSerialReset function
MEDIUM (5.5)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Published: 2026-05-27T07:50:41.100Z
Updated: 2026-05-27T12:01:06.517Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40822 |
vulnerable | 2026-06-03 15:23:35.035953 |
Authenticated SQLi in DevSerialReset function
MEDIUM (4.9)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:50:23.128Z
Updated: 2026-05-27T12:01:20.461Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40821 |
vulnerable | 2026-06-03 15:23:35.035328 |
Authenticated SQLi in getAccountByID function
MEDIUM (4.9)
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:49:51.619Z
Updated: 2026-05-27T12:01:33.936Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40819 |
vulnerable | 2026-06-03 15:23:35.034430 |
Unauthenticated SQLi in sync_data24 task
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:49:14.497Z
Updated: 2026-05-27T12:01:47.280Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40818 |
vulnerable | 2026-06-03 15:23:35.030412 |
Unauthenticated SQLi in _mb24confi_getDevice function function
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:48:53.572Z
Updated: 2026-05-27T12:02:00.721Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40817 |
vulnerable | 2026-06-03 15:23:35.029404 |
Unauthenticated SQLi in getAlarmProfiles function
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:48:32.803Z
Updated: 2026-05-27T12:02:14.206Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40816 |
vulnerable | 2026-06-03 15:23:35.028683 |
Unauthenticated SQLi in _mb24confi_getTagAlarm function
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:48:16.758Z
Updated: 2026-05-27T12:02:27.818Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40815 |
vulnerable | 2026-06-03 15:23:35.027798 |
Unauthenticated SQLi in _mb24api_getUserAccount function
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:47:36.405Z
Updated: 2026-05-27T12:02:41.770Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40814 |
vulnerable | 2026-06-03 15:23:35.027297 |
Unauthenticated SQLi in _mb24confi_getTagAlarm function
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:47:05.528Z
Updated: 2026-05-27T12:02:55.853Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40813 |
vulnerable | 2026-06-03 15:23:35.026555 |
Unauthenticated SQLi in getLiveValues
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:45:29.214Z
Updated: 2026-05-27T12:03:09.938Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40812 |
vulnerable | 2026-06-03 15:23:35.025851 |
Unauthenticated SQLi in getLiveValues function
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:45:09.015Z
Updated: 2026-05-27T12:03:23.991Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40811 |
vulnerable | 2026-06-03 15:23:35.025003 |
Unauthenticated SQLi in ssoabstractservice
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:44:32.633Z
Updated: 2026-05-27T12:03:38.795Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40810 |
vulnerable | 2026-06-03 15:23:35.016741 |
Unauthenticated SQLi in userinfo Endpoint
HIGH (7.5)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27T07:38:42.445Z
Updated: 2026-05-27T12:03:54.226Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32969 |
vulnerable | 2026-06-03 15:20:44.033955 |
Pre-Auth Blind SQLi in userinfo Endpoint
HIGH (7.5)
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-03-23T11:16:22.255Z
Updated: 2026-03-23T16:01:30.953Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32968 |
vulnerable | 2026-06-03 15:20:44.031932 |
Unauthenticated RCE in com_mb24sysapi
CRITICAL (9.8)
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.
Published: 2026-03-23T11:16:01.413Z
Updated: 2026-03-23T13:51:18.931Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.