Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-11 | CVE-2021-25980 | Injection vulnerability in Talkyard In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. | 8.8 |
| 2021-11-09 | CVE-2021-43185 | Injection vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. | 9.8 |
| 2021-11-03 | CVE-2021-36697 | Injection vulnerability in Artica Pandora FMS With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. | 6.7 |
| 2021-10-22 | CVE-2020-23050 | Injection vulnerability in Taotesting TAO Assessment Platform 3.3.0 TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. | 8.0 |
| 2021-10-20 | CVE-2021-41163 | Injection vulnerability in Discourse Discourse is an open source platform for community discussion. | 9.8 |
| 2021-10-20 | CVE-2021-21743 | Injection vulnerability in ZTE Mf971R Firmware ZTE MF971R product has a CRLF injection vulnerability. | 4.3 |
| 2021-10-14 | CVE-2021-37933 | Injection vulnerability in Huntflow Enterprise An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. | 7.5 |
| 2021-10-13 | CVE-2021-22035 | Injection vulnerability in VMWare products VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. | 4.3 |
| 2021-10-13 | CVE-2021-20802 | Injection vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product. | 5.3 |
| 2021-10-12 | CVE-2021-38458 | Injection vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 9.8 |