Total
13472 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-43926 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.7 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
CVE-2021-43927 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.7 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29235 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29237 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29238 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-29236 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
CVE-2024-13162 | | | 2025-01-14 | 7.2 High |
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | ||||
CVE-2022-24628 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 7.2 High |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. | ||||
CVE-2022-24627 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 9.8 Critical |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | ||||
CVE-2025-0462 | | | 2025-01-14 | 6.3 Medium |
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the argument searchcontent leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-57631 | | | 2025-01-14 | 7.5 High |
An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
CVE-2024-57630 | | | 2025-01-14 | 7.5 High |
An issue in the exps_card component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
CVE-2024-57629 | | | 2025-01-14 | 7.5 High |
An issue in the tail_type component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
CVE-2024-57628 | | | 2025-01-14 | 7.5 High |
An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
CVE-2023-42244 | | | 2025-01-14 | 8.8 High |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php. | ||||
CVE-2024-35278 | | | 2025-01-14 | 4.1 Medium |
An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | ||||
CVE-2024-57637 | | | 2025-01-14 | 7.5 High |
An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
CVE-2024-57636 | | | 2025-01-14 | 7.5 High |
An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
CVE-2024-57635 | | | 2025-01-14 | 7.5 High |
An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
CVE-2024-57634 | | | 2025-01-14 | 7.5 High |
An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |