helmholz 漏洞與 CVE 列表(59)

產品(CPE): — CVE 數: 59

helmholz 漏洞概覽

彙總 helmholz 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 SQL 注入與SSRF 等問題,部分漏洞可能導致 資料外洩,並影響 軟體部署與生產負載 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12059 CVE 數
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-40852 A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability. [email protected] 7.2 0.40% 2026-05-27 2026-06-17
CVE-2026-40851 A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability. [email protected] 8.4 0.14% 2026-05-27 2026-06-17
CVE-2026-40850 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 8.7 0.41% 2026-05-27 2026-06-17
CVE-2026-40849 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40848 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40847 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40846 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40845 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40844 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40843 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40842 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.27% 2026-05-27 2026-06-17
CVE-2026-40841 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.26% 2026-05-27 2026-06-17
CVE-2026-40840 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.26% 2026-05-27 2026-06-17
CVE-2026-40839 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.26% 2026-05-27 2026-06-17
CVE-2026-40838 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.26% 2026-05-27 2026-06-17
CVE-2026-40837 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.26% 2026-05-27 2026-06-17
CVE-2026-40836 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. [email protected] 7.1 0.22% 2026-05-27 2026-06-17
CVE-2026-40835 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. [email protected] 7.1 0.26% 2026-05-27 2026-06-17
CVE-2026-40834 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity. [email protected] 7.1 0.22% 2026-05-27 2026-06-17
CVE-2026-40833 An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity. [email protected] 7.1 0.22% 2026-05-27 2026-06-17
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
cvelogic Threat Intelligence