Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-04 | CVE-2022-20772 | Injection vulnerability in Cisco products A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. | 5.3 |
| 2022-11-03 | CVE-2022-39382 | Injection vulnerability in Keystonejs Keystone 3.0.0/3.0.1 Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/[email protected] || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code, irrespective of what your environment variables. | 9.8 |
| 2022-10-31 | CVE-2022-39016 | Injection vulnerability in M-Files Hubshare Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | 8.8 |
| 2022-10-28 | CVE-2021-38395 | Injection vulnerability in Honeywell products Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 9.8 |
| 2022-10-19 | CVE-2022-3607 | Injection vulnerability in Octoprint Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. | 6.0 |
| 2022-10-17 | CVE-2022-2992 | Injection vulnerability in Gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | 9.9 |
| 2022-10-11 | CVE-2021-36913 | Injection vulnerability in Redirection-For-Contact-Form7 Redirection for Contact Form 7 Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. | 7.5 |
| 2022-09-29 | CVE-2020-27602 | Injection vulnerability in Bigbluebutton BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | 9.8 |
| 2022-09-28 | CVE-2022-3215 | Injection vulnerability in Apple Swiftnio NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. | 7.5 |
| 2022-09-26 | CVE-2021-41437 | Injection vulnerability in Asus Rt-Ax88U Firmware An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | 6.5 |