Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,549
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,101 - 12,120 of 40,151 CVEs
CVE-2026-48968 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8.

Vendor: Averta
Product: Master Slider
Published: May 27, 2026
Source: NVD
CVE-2026-48877 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0.

Vendor: Tom
Product: GenerateBlocks
Published: May 27, 2026
Source: NVD
CVE-2026-40852 HIGH - 7.2

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, i...

Vendor: MB connect line, Helmholz
Product: mbNET/mbNET.rokey, mbNET.mini, REX200/250, REX100
Published: May 27, 2026
Source: NVD
CVE-2026-40851 HIGH - 8.4

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.

Vendor: MB connect line, Helmholz
Product: mbNET/mbNET.rokey, mbNET.mini, REX200/250, REX100
Published: May 27, 2026
Source: NVD
CVE-2026-40850 HIGH - 7.5

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40849 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40848 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40847 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40846 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40845 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40844 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40843 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40842 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40841 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40840 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40839 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40838 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40837 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40836 HIGH - 7.1

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a to...

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD
CVE-2026-40835 MEDIUM - 6.5

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor: MB connect line, Helmholz
Product: mbCONNECT24, mymbCONNECT24, myREX24V2, myREX24V2.virtual
Published: May 27, 2026
Source: NVD