Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,598
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,901 - 9,920 of 37,942 CVEs
CVE-2026-40845 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40844 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40843 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40842 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40841 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40840 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40839 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40838 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40837 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40836 HIGH - 7.1

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a to...

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40835 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40834 HIGH - 7.1

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non c...

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40833 HIGH - 7.1

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical...

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40832 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40831 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40830 MEDIUM - 5.5

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical tab...

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40829 MEDIUM - 5.5

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table....

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40828 MEDIUM - 5.5

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can res...

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40827 MEDIUM - 5.5

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result...

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-2237 MEDIUM - 6.2

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.

Vendor: synology
Product: storage_manager
Published: May 27, 2026
Source: NVD