Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-11 | CVE-2022-24838 | Injection vulnerability in Nextcloud Calendar Nextcloud Calendar is a calendar application for the nextcloud framework. | 9.8 |
| 2022-04-11 | CVE-2021-22055 | Injection vulnerability in VMWare Photon OS The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. | 5.3 |
| 2022-04-09 | CVE-2022-1287 | Injection vulnerability in School Club Application System Project School Club Application System 1.0 A vulnerability classified as critical was found in School Club Application System 1.0. | 9.8 |
| 2022-03-29 | CVE-2022-25420 | Injection vulnerability in Nttr GOO Blog 1.0 NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. | 9.8 |
| 2022-03-27 | CVE-2022-26205 | Injection vulnerability in Marky Project Marky Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. | 9.8 |
| 2022-03-14 | CVE-2022-22344 | Injection vulnerability in IBM Spectrum Copy Data Management IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
| 2022-03-01 | CVE-2021-41282 | Injection vulnerability in Pfsense 2.5.2 diag_routes.php in pfSense 2.5.2 allows sed data injection. | 8.8 |
| 2022-02-24 | CVE-2022-23701 | Injection vulnerability in HPE Integrated Lights-Out A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. | 5.3 |
| 2022-02-24 | CVE-2021-44550 | Injection vulnerability in Stanford Corenlp 4.3.2 An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | 9.8 |
| 2022-02-18 | CVE-2022-25337 | Injection vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | 9.8 |