Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2022-0391 | Injection vulnerability in multiple products: A flaw was found in Python, specifically within the urllib.parse module. | 7.5 |
2022-02-04 | CVE-2020-12965 | Injection vulnerability in AMD products: When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and stores using only the lower 48 address bits, potentially resulting in data leakage. | 7.5 |
2022-01-25 | CVE-2021-36348 | Injection vulnerability in Dell Integrated Dell Remote Access Controller 9 Firmware: iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. | 8.1 |
2022-01-25 | CVE-2021-39031 | Injection vulnerability in IBM Websphere Application Server: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
2022-01-15 | CVE-2021-44537 | Injection vulnerability in multiple products: ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | 7.8 |
2022-01-14 | CVE-2021-44530 | Injection vulnerability in UI Unifi Network Controller: An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) that allows a malicious actor to control the application. | 9.8 |
2022-01-12 | CVE-2021-42561 | Injection vulnerability in Mitre Caldera: An issue was discovered in CALDERA 2.8.1. | 8.8 |
2022-01-10 | CVE-2021-24948 | Injection vulnerability in Posimyth the Plus Addons for Elementor: The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts. | 7.5 |
2022-01-03 | CVE-2021-25994 | Injection vulnerability in Userfrosting: In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. | 8.8 |
2021-12-30 | CVE-2021-45818 | Injection vulnerability in Safarimontage Safari Montage 8.7.32: SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. | 6.1 |