CVE-2026-2620 | Huace Monitoring and Early Warning System 2.2 ProjectRole.aspx ID sql injection

A vulnerability categorized as critical has been discovered in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection.

This vulnerability is registered as CVE-2026-2620. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2620 | Huace Monitoring and Early Warning System 2.2 ProjectRole.aspx ID sql injection

Post correlati

CVE-2025-68699 | NanoMQ MQTT Broker 0.24.6 Subscription strchr null pointer dereference (GHSA-qv5f-c6v2-2f8h)

CVE-2026-0681 | Extended Random Number Generator Plugin up to 1.1 on WordPress Setting cross site scripting

CVE-2024-9320 | SourceCodester Online Timesheet App 1.0 Add Timesheet Form add-timesheet.php day/task cross site scripting

CVE-2024-42626 | FrogCMS 0.9.5 /admin/ cross-site request forgery