Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-01-15 CVE-2021-44537 Injection vulnerability in Owncloud
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
network
owncloud CWE-74
6.8
2022-01-14 CVE-2021-44530 Injection vulnerability in UI Unifi Network Controller
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.
network
low complexity
ui CWE-74
7.5
2022-01-14 CVE-2021-32649 Injection vulnerability in Octobercms October
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework.
network
low complexity
octobercms CWE-74
6.5
2022-01-14 CVE-2021-32650 Injection vulnerability in Octobercms October 1.0.472/1.1.5
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework.
network
low complexity
octobercms CWE-74
6.5
2022-01-10 CVE-2021-29454 Injection vulnerability in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty CWE-74
6.5
2022-01-06 CVE-2022-21663 Injection vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian CWE-74
6.5
2022-01-03 CVE-2021-25994 Injection vulnerability in Userfrosting
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection.
6.8
2021-12-30 CVE-2021-4181 Injection vulnerability in Wireshark
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark CWE-74
5.0
2021-12-30 CVE-2021-4182 Injection vulnerability in Wireshark
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark CWE-74
5.0
2021-12-30 CVE-2021-4183 Injection vulnerability in Wireshark 3.6.0
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
network
wireshark CWE-74
4.3