{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4910/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-4910","sql-injection","streamax","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-4910, affects Shenzhen Ruiming Technology Streamax Crocus bis version 1.3.44. The vulnerability is located within the \u003ccode\u003e/RemoteFormat.do\u003c/code\u003e file, specifically the \u003ccode\u003eEndpoint\u003c/code\u003e component. By manipulating the \u003ccode\u003eState\u003c/code\u003e argument, a remote attacker can inject arbitrary SQL commands. Publicly available exploits exist, increasing the risk of exploitation. The vendor was notified but did not respond. Successful exploitation could lead to unauthorized data…\u003c/p\u003e\n","date_modified":"2026-03-27T04:16:08Z","date_published":"2026-03-27T04:16:08Z","id":"/briefs/2026-03-streamax-sql-injection/","summary":"A SQL injection vulnerability (CVE-2026-4910) exists in Shenzhen Ruiming Technology Streamax Crocus bis 1.3.44 via the /RemoteFormat.do endpoint, allowing remote attackers to execute arbitrary SQL commands by manipulating the State argument.","title":"Shenzhen Ruiming Technology Streamax Crocus bis SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-streamax-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-4910","version":"https://jsonfeed.org/version/1.1"}