Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-16 | CVE-2021-37262 | Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. | 7.5 |
| 2021-12-15 | CVE-2021-41276 | Injection vulnerability in Enalean Tuleap Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. | 7.2 |
| 2021-12-15 | CVE-2021-43782 | Injection vulnerability in Enalean Tuleap Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. | 7.2 |
| 2021-12-06 | CVE-2021-43038 | Injection vulnerability in Kaseya Unitrends Backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | 8.8 |
| 2021-11-24 | CVE-2021-38873 | Injection vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. | 7.8 |
| 2021-11-23 | CVE-2021-37033 | Injection vulnerability in Huawei Emui and Magic UI There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | 7.5 |
| 2021-11-20 | CVE-2021-36322 | Injection vulnerability in Dell products Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. | 6.1 |
| 2021-11-11 | CVE-2021-34419 | Injection vulnerability in Zoom Client for Meetings In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. | 5.3 |
| 2021-11-11 | CVE-2021-43350 | Injection vulnerability in Apache Traffic Control An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter. | 9.8 |
| 2021-11-11 | CVE-2021-25980 | Injection vulnerability in Talkyard In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. | 8.8 |