Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2021-41282 | Injection vulnerability in Pfsense 2.5.2 diag_routes.php in pfSense 2.5.2 allows sed data injection. | 8.8 |
| 2022-02-24 | CVE-2022-23701 | Injection vulnerability in HPE Integrated Lights-Out A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. | 5.3 |
| 2022-02-24 | CVE-2021-44550 | Injection vulnerability in Stanford Corenlp 4.3.2 An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | 9.8 |
| 2022-02-18 | CVE-2022-25337 | Injection vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | 9.8 |
| 2022-02-09 | CVE-2022-0391 | Injection vulnerability in multiple products A flaw was found in Python, specifically within the urllib.parse module. | 7.5 |
| 2022-02-09 | CVE-2022-23616 | Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2022-02-04 | CVE-2020-12965 | Injection vulnerability in AMD products When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. | 7.5 |
| 2022-01-25 | CVE-2021-36348 | Injection vulnerability in Dell Integrated Dell Remote Access Controller 9 Firmware iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. | 8.1 |
| 2022-01-25 | CVE-2021-39031 | Injection vulnerability in IBM Websphere Application Server IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
| 2022-01-15 | CVE-2021-44537 | Injection vulnerability in multiple products ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | 7.8 |