Helmholz Myrex24v2
42 CVEs affecting Helmholz Myrex24v2. Latest disclosed: 2026-05-27. Critical: 1, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32968 | Critical | 9.8 | 2026-03-23 | Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb… |
CVE-2026-40850 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of… |
CVE-2026-40819 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special… |
CVE-2026-40818 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralizati… |
CVE-2026-40817 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization o… |
CVE-2026-40816 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to… |
CVE-2026-40815 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutraliz… |
CVE-2026-40814 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to i… |
CVE-2026-40813 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper ne… |
CVE-2026-40812 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutr… |
CVE-2026-40811 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of speci… |
CVE-2026-40810 | High | 7.5 | 2026-05-27 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of specia… |
CVE-2026-32969 | High | 7.5 | 2026-03-23 | An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper ne… |
CVE-2026-40836 | High | 7.1 | 2026-05-27 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special e… |
CVE-2026-40834 | High | 7.1 | 2026-05-27 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to i… |
CVE-2026-40833 | High | 7.1 | 2026-05-27 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper… |
CVE-2026-40849 | Medium | 6.5 | 2026-05-27 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of sp… |
CVE-2026-40848 | Medium | 6.5 | 2026-05-27 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements… |
CVE-2026-40847 | Medium | 6.5 | 2026-05-27 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special e… |
CVE-2026-40846 | Medium | 6.5 | 2026-05-27 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special eleme… |