Export limit exceeded: 82750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (82750 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23663 | 1 Microsoft | 1 Global Secure Access | 2026-05-27 | 7.5 High |
| Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-41670 | 1 Phoenix Contact | 14 Axc F 1152, Axc F 1252, Axc F 2000 Ea and 11 more | 2026-05-27 | 7.8 High |
| A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation. | ||||
| CVE-2025-41669 | 1 Phoenix Contact | 14 Axc F 1152, Axc F 1252, Axc F 2000 Ea and 11 more | 2026-05-27 | 8.8 High |
| The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control. | ||||
| CVE-2026-40810 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40811 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40812 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40814 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40815 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40816 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40817 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40818 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-42746 | 2 Wordpress, Zaytech | 2 Wordpress, Smart Online Order For Clover | 2026-05-27 | 7.3 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0. | ||||
| CVE-2026-42753 | 2 Wclovers, Wordpress | 2 Wcfm Membership, Wordpress | 2026-05-27 | 7.3 High |
| Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through <= 2.11.10. | ||||
| CVE-2026-40833 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.1 High |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40836 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.1 High |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40850 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40851 | 2 Helmholz, Mb Connect Line | 5 Rex100, Rex200 250, Mbnet and 2 more | 2026-05-27 | 8.4 High |
| A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | ||||
| CVE-2026-42760 | 2 Revmakx, Wordpress | 2 Backup And Staging By Wp Time Capsule, Wordpress | 2026-05-27 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.25. | ||||
| CVE-2026-42734 | 2 Dylan Kuhn, Wordpress | 2 Geo Mashup, Wordpress | 2026-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through <= 1.13.19. | ||||
| CVE-2026-42729 | 2 Propertyhive, Wordpress | 2 Propertyhive, Wordpress | 2026-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through <= 2.2.2. | ||||