Export limit exceeded: 359950 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-40850 2 Helmholz, Mb Connect Line 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more 2026-05-27 7.5 High
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-32968 3 Helmholz, Mb Connect Line, Mbconnectline 4 Myrex24.virtual, Myrex24 V2, Mb Connect Line Mbconnect24 and 1 more 2026-03-25 9.8 Critical
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.
CVE-2024-45273 3 Helmholz, Mb Connect Line, Mbconnectline 35 Myrex24.virtual, Myrex24 V2, Myrex24 V2 Virtual Server and 32 more 2024-11-21 8.4 High
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.