Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-40143 | Injection vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. | 6.4 |
| 2021-09-01 | CVE-2021-36022 | Injection vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. | 6.5 |
| 2021-08-30 | CVE-2021-26084 | Injection vulnerability in Atlassian Confluence In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 7.5 |
| 2021-08-18 | CVE-2020-18875 | Injection vulnerability in Dotcms Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | 6.5 |
| 2021-08-16 | CVE-2021-32827 | Injection vulnerability in Mock-Server Mockserver MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. | 6.8 |
| 2021-08-09 | CVE-2020-23148 | Injection vulnerability in Rconfig 3.9.5 The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | 5.0 |
| 2021-08-09 | CVE-2021-22910 | Injection vulnerability in Rocket.Chat A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. | 7.5 |
| 2021-08-09 | CVE-2021-38290 | Injection vulnerability in Thedaylightstudio Fuel CMS A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. | 6.8 |
| 2021-08-04 | CVE-2020-24821 | Injection vulnerability in Libelfin Project Libelfin 0.3 A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | 4.3 |
| 2021-08-04 | CVE-2020-24822 | Injection vulnerability in Libelfin Project Libelfin 0.3 A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | 4.3 |