Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-40829 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40828 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40827 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40826 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 6.9 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40825 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40824 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40823 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | 7.0 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40822 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 6.9 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40821 | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 6.9 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40819 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40818 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40817 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40816 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40815 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40814 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40813 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40812 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40811 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40810 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |
| CVE-2025-41670 | A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation. | 8.7 | 0.03% | 2026-05-27 | 2026-05-27 |