Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-15 | CVE-2022-38357 | Injection vulnerability in Eyeofnetwork Eyes of Network web 5.3: Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php. | 8.8 |
2022-08-15 | CVE-2022-35954 | Injection vulnerability in Github Toolkit: The GitHub Actions ToolKit provides a set of packages to make creating actions easier. | 5.0 |
2022-08-05 | CVE-2022-31658 | Injection vulnerability in VMWare products: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. | 7.2 |
2022-08-05 | CVE-2022-31665 | Injection vulnerability in VMWare products: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. | 7.2 |
2022-08-01 | CVE-2022-36302 | Injection vulnerability in Bosch Bf-Os: File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. | 5.4 |
2022-07-25 | CVE-2021-40336 | Injection vulnerability in Hitachienergy Modular Switchgear Monitoring Firmware 2.1.0/2.2.0: A vulnerability exists in the HTTP web interface where the web interface does not validate data in an HTTP header. | 8.8 |
2022-07-19 | CVE-2022-22360 | Injection vulnerability in IBM products: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
2022-07-14 | CVE-2021-39028 | Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing: IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
2022-07-12 | CVE-2021-36668 | Injection vulnerability in Druva Insync Client: URL injection in Druva inSync 6.9.0 for macOS allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron App. | 7.8 |
2022-07-08 | CVE-2022-34914 | Injection vulnerability in Webswing: Webswing before 22.1.3 allows X-Forwarded-For header injection. | 9.8 |