NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-40834 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.1 | 0.22% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40833 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.1 | 0.22% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40832 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.26% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40831 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.32% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40830 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.29% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40829 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.29% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40828 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.29% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40827 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.29% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40826 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 6.9 | 0.28% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40825 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.24% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40824 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.24% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40823 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.24% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40822 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 6.9 | 0.28% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40821 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 6.9 | 0.28% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40819 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.32% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40818 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.32% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40817 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.32% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40816 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.32% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40815 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.32% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40814 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.32% | 2026-05-27 | 2026-06-17 |