Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2022-3607 | Injection vulnerability in Octoprint Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. | 6.0 |
| 2022-10-17 | CVE-2022-2992 | Injection vulnerability in Gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | 9.9 |
| 2022-10-11 | CVE-2021-36913 | Injection vulnerability in Redirection-For-Contact-Form7 Redirection for Contact Form 7 Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. | 7.5 |
| 2022-10-06 | CVE-2022-39265 | Injection vulnerability in Mybb MyBB is a free and open source forum software. | 7.2 |
| 2022-09-29 | CVE-2020-27602 | Injection vulnerability in Bigbluebutton BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | 9.8 |
| 2022-09-28 | CVE-2022-3215 | Injection vulnerability in Apple Swiftnio NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. | 7.5 |
| 2022-09-26 | CVE-2021-41437 | Injection vulnerability in Asus Rt-Ax88U Firmware An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | 6.5 |
| 2022-09-19 | CVE-2022-35914 | Injection vulnerability in Glpi-Project Glpi /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | 9.8 |
| 2022-09-14 | CVE-2022-38796 | Injection vulnerability in Feehi CMS 2.1.1 A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. | 6.1 |
| 2022-09-09 | CVE-2022-34165 | Injection vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. | 5.4 |