Helmholz Myrex24V2 vulnerabilities
42 known vulnerabilities affecting helmholz/myrex24v2.
Total CVEs
42
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH15MEDIUM26
Vulnerabilities
Page 2 of 3
CVE-2026-40832P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40832 [MEDIUM] CWE-89 CVE-2026-40832: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40840P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40840 [MEDIUM] CWE-89 CVE-2026-40840: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40838P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40838 [MEDIUM] CWE-89 CVE-2026-40838: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40841P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40841 [MEDIUM] CWE-89 CVE-2026-40841: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40831P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40831 [MEDIUM] CWE-89 CVE-2026-40831: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40843P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40843 [MEDIUM] CWE-89 CVE-2026-40843: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40849P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40849 [MEDIUM] CWE-89 CVE-2026-40849: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40846P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40846 [MEDIUM] CWE-89 CVE-2026-40846: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40847P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40847 [MEDIUM] CWE-89 CVE-2026-40847: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40848P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40848 [MEDIUM] CWE-89 CVE-2026-40848: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40845P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40845 [MEDIUM] CWE-89 CVE-2026-40845: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40844P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40844 [MEDIUM] CWE-89 CVE-2026-40844: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40829P3MEDIUMCVSS 5.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40829 [MEDIUM] CWE-89 CVE-2026-40829: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality a
nvd
CVE-2026-40828P3MEDIUMCVSS 5.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40828 [MEDIUM] CWE-89 CVE-2026-40828: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss
nvd
CVE-2026-40830P3MEDIUMCVSS 5.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40830 [MEDIUM] CWE-89 CVE-2026-40830: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentialit
nvd
CVE-2026-40827P3MEDIUMCVSS 5.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40827 [MEDIUM] CWE-89 CVE-2026-40827: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of
nvd
CVE-2026-40824P3MEDIUMCVSS 5.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40824 [MEDIUM] CWE-89 CVE-2026-40824: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and so
nvd
CVE-2026-40823P3MEDIUMCVSS 5.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40823 [MEDIUM] CWE-89 CVE-2026-40823: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of i
nvd
CVE-2026-40825P3MEDIUMCVSS 5.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40825 [MEDIUM] CWE-89 CVE-2026-40825: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and s
nvd
CVE-2026-40826P4MEDIUMCVSS 4.9≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40826 [MEDIUM] CWE-89 CVE-2026-40826: A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd