Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-09 | CVE-2022-1287 | Injection vulnerability in School Club Application System Project School Club Application System 1.0 A vulnerability classified as critical was found in School Club Application System 1.0. | 9.8 |
| 2022-03-29 | CVE-2022-25420 | Injection vulnerability in Nttr GOO Blog 1.0 NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. | 9.8 |
| 2022-03-27 | CVE-2022-26205 | Injection vulnerability in Marky Project Marky Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. | 9.8 |
| 2022-03-14 | CVE-2022-22344 | Injection vulnerability in IBM Spectrum Copy Data Management IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
| 2022-03-01 | CVE-2021-41282 | Injection vulnerability in Pfsense 2.5.2 diag_routes.php in pfSense 2.5.2 allows sed data injection. | 8.8 |
| 2022-02-24 | CVE-2022-23701 | Injection vulnerability in HPE Integrated Lights-Out A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. | 5.3 |
| 2022-02-24 | CVE-2021-44550 | Injection vulnerability in Stanford Corenlp 4.3.2 An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | 9.8 |
| 2022-02-18 | CVE-2022-25337 | Injection vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | 9.8 |
| 2022-02-09 | CVE-2022-0391 | Injection vulnerability in multiple products A flaw was found in Python, specifically within the urllib.parse module. | 7.5 |
| 2022-02-04 | CVE-2020-12965 | Injection vulnerability in AMD products When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. | 7.5 |