Vulnerabilities (CVE)

Filtered by CWE-89
Total 15513 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-22799 2025-01-15 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1.
CVE-2025-22785 2025-01-15 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5.
CVE-2024-29230 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2023-33439 1 Faculty Evaluation System Project 1 Faculty Evaluation System 2025-01-14 N/A 7.2 HIGH
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
CVE-2024-29239 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29234 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29233 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29232 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2023-38724 1 Ibm 1 Cognos Controller 2025-01-14 N/A 6.3 MEDIUM
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.
CVE-2024-29227 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29238 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29236 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2021-43927 1 Synology 1 Diskstation Manager 2025-01-14 7.5 HIGH 4.7 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43925 1 Synology 1 Diskstation Manager 2025-01-14 7.5 HIGH 4.7 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2024-29235 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2021-43926 1 Synology 1 Diskstation Manager 2025-01-14 7.5 HIGH 4.7 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2024-29237 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-13162 2025-01-14 N/A 7.2 HIGH
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
CVE-2022-24628 1 Audiocodes 1 Device Manager Express 2025-01-14 N/A 7.2 HIGH
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
CVE-2022-24627 1 Audiocodes 1 Device Manager Express 2025-01-14 N/A 9.8 CRITICAL
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.