Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-40143 Injection vulnerability in Sonatype Nexus Repository Manager 3
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection.
network
low complexity
sonatype CWE-74
6.4
2021-09-01 CVE-2021-36022 Injection vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout.
network
low complexity
adobe CWE-74
6.5
2021-08-30 CVE-2021-26084 Injection vulnerability in Atlassian Confluence
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network
low complexity
atlassian CWE-74
7.5
2021-08-18 CVE-2020-18875 Injection vulnerability in Dotcms
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
network
low complexity
dotcms CWE-74
6.5
2021-08-16 CVE-2021-32827 Injection vulnerability in Mock-Server Mockserver
MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS.
6.8
2021-08-09 CVE-2020-23148 Injection vulnerability in Rconfig 3.9.5
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.
network
low complexity
rconfig CWE-74
5.0
2021-08-09 CVE-2021-22910 Injection vulnerability in Rocket.Chat
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
network
low complexity
rocket-chat CWE-74
7.5
2021-08-09 CVE-2021-38290 Injection vulnerability in Thedaylightstudio Fuel CMS
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php.
6.8
2021-08-04 CVE-2020-24821 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
4.3
2021-08-04 CVE-2020-24822 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
4.3