Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-08-01 | CVE-2022-31179 | Injection vulnerability in Shescape Project Shescape | Shescape is a simple shell escape package for JavaScript. | 9.8 |
2022-08-01 | CVE-2022-36302 | Injection vulnerability in Bosch Bf-Os | File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. | 5.4 |
2022-07-25 | CVE-2021-40336 | Injection vulnerability in Hitachienergy Modular Switchgear Monitoring Firmware 2.1.0/2.2.0 | A vulnerability exists in the HTTP web interface where the web interface does not validate data in an HTTP header. | 8.8 |
2022-07-23 | CVE-2016-15004 | Injection vulnerability in Revmakx Infinitewp Client 1.5.1.3/1.6.0 | A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. | 9.8 |
2022-07-19 | CVE-2022-22360 | Injection vulnerability in IBM products | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
2022-07-14 | CVE-2021-39028 | Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing | IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
2022-07-12 | CVE-2022-31593 | Injection vulnerability in SAP Business ONE 10.0 | SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. | 8.8 |
2022-07-12 | CVE-2021-36668 | Injection vulnerability in Druva Insync Client | URL injection in Druva inSync 6.9.0 for MacOS allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron App. | 7.8 |
2022-07-08 | CVE-2022-34914 | Injection vulnerability in Webswing Webswing | Webswing before 22.1.3 allows X-Forwarded-For header injection. | 9.8 |
2022-07-08 | CVE-2022-33011 | Injection vulnerability in Withknown Known | Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. | 8.8 |