CVE-2026-40810
- EPSS 0.32%
- Veröffentlicht 27.05.2026 07:38:42
- Zuletzt bearbeitet 27.05.2026 14:53:22
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-33617
- EPSS 0.27%
- Veröffentlicht 02.04.2026 09:00:10
- Zuletzt bearbeitet 16.04.2026 15:40:56
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.
CVE-2026-33616
- EPSS 0.34%
- Veröffentlicht 02.04.2026 08:59:55
- Zuletzt bearbeitet 16.04.2026 15:41:30
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-33615
- EPSS 0.42%
- Veröffentlicht 02.04.2026 08:59:48
- Zuletzt bearbeitet 16.04.2026 15:45:00
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availab...
CVE-2026-33614
- EPSS 0.34%
- Veröffentlicht 02.04.2026 08:59:40
- Zuletzt bearbeitet 16.04.2026 15:45:35
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-33613
- EPSS 0.5%
- Veröffentlicht 02.04.2026 08:59:34
- Zuletzt bearbeitet 16.04.2026 15:49:47
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the att...
CVE-2026-32969
- EPSS 0.44%
- Veröffentlicht 23.03.2026 11:16:22
- Zuletzt bearbeitet 23.03.2026 14:31:37
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss o...
CVE-2026-32968
- EPSS 0.55%
- Veröffentlicht 23.03.2026 11:16:01
- Zuletzt bearbeitet 23.03.2026 14:31:37
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attac...
CVE-2025-3090
- EPSS 0.41%
- Veröffentlicht 24.06.2025 08:15:23
- Zuletzt bearbeitet 15.04.2026 00:35:42
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
CVE-2025-3092
- EPSS 0.41%
- Veröffentlicht 24.06.2025 08:14:31
- Zuletzt bearbeitet 15.04.2026 00:35:42
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.