cvebase

Helmholz Myrex24V2 vulnerabilities

42 known vulnerabilities affecting helmholz/myrex24v2.

Total CVEs: 42
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 15, MEDIUM 26

Vulnerabilities

Page 1 of 3
CVE-2020-10383 | P3 | CRITICAL | CVSS 9.8 | ≥ 0.0.0, ≤ 2.19.3 | 2020-04-14
CVE-2020-10383 [CRITICAL] CWE-78: An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.
nvd
CVE-2026-32969 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.19.3 | 2026-03-23
CVE-2026-32969 [HIGH] CWE-89: An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40850 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40850 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40810 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40810 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40813 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40813 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues function's tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40816 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40816 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php file's _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40815 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40815 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40814 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40814 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php file's _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40818 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40818 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40812 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40812 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues function's sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40811 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40811 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40817 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40817 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40819 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40819 [HIGH] CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40833 | P3 | HIGH | CVSS 7.1 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40833 [HIGH] CWE-89: A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php file's saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non-critical table. This can result in a total loss of confidential
nvd
CVE-2026-40836 | P3 | HIGH | CVSS 7.1 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40836 [HIGH] CWE-89: A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non-critical table. This can result in a total loss of confidentiality and some loss of integrity.
nvd
CVE-2026-40834 | P3 | HIGH | CVSS 7.1 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40834 [HIGH] CWE-89: A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php file's saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non-critical table. This can result in a total loss of confi
nvd
CVE-2026-40837 | P3 | MEDIUM | CVSS 6.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40837 [MEDIUM] CWE-89: A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40835 | P3 | MEDIUM | CVSS 6.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40835 [MEDIUM] CWE-89: A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40839 | P3 | MEDIUM | CVSS 6.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40839 [MEDIUM] CWE-89: A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40842 | P3 | MEDIUM | CVSS 6.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CVE-2026-40842 [MEDIUM] CWE-89: A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd