Total
15513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22799 | 2025-01-15 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. | |||||
| CVE-2025-22785 | 2025-01-15 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5. | |||||
| CVE-2024-29230 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2023-33439 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | N/A | 7.2 HIGH |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. | |||||
| CVE-2024-29239 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-29234 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-29233 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-29232 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2023-38724 | 1 Ibm | 1 Cognos Controller | 2025-01-14 | N/A | 6.3 MEDIUM |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183. | |||||
| CVE-2024-29227 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-29238 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-29236 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2021-43927 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | |||||
| CVE-2021-43925 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-29235 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2021-43926 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-29237 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | N/A | 5.4 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2024-13162 | 2025-01-14 | N/A | 7.2 HIGH | ||
| SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | |||||
| CVE-2022-24628 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | N/A | 7.2 HIGH |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. | |||||
| CVE-2022-24627 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | N/A | 9.8 CRITICAL |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | |||||