Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-08-18 CVE-2020-18875 Injection vulnerability in Dotcms
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
network
low complexity
dotcms CWE-74
6.5
2021-08-16 CVE-2021-32827 Injection vulnerability in Mock-Server Mockserver
MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS.
6.8
2021-08-09 CVE-2020-23148 Injection vulnerability in Rconfig 3.9.5
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.
network
low complexity
rconfig CWE-74
5.0
2021-08-09 CVE-2021-22910 Injection vulnerability in Rocket.Chat
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
network
low complexity
rocket-chat CWE-74
7.5
2021-08-09 CVE-2021-38290 Injection vulnerability in Thedaylightstudio Fuel CMS
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php.
6.8
2021-08-04 CVE-2020-24821 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
4.3
2021-08-04 CVE-2020-24822 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
4.3
2021-08-04 CVE-2020-24823 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
4.3
2021-08-04 CVE-2020-24825 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
4.3
2021-08-04 CVE-2020-24826 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
4.3