Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-20 | CVE-2021-41163 | Injection vulnerability in Discourse Discourse is an open source platform for community discussion. | 9.8 |
| 2021-10-20 | CVE-2021-21743 | Injection vulnerability in ZTE Mf971R Firmware ZTE MF971R product has a CRLF injection vulnerability. | 4.3 |
| 2021-10-14 | CVE-2021-37933 | Injection vulnerability in Huntflow Enterprise An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. | 7.5 |
| 2021-10-13 | CVE-2021-22035 | Injection vulnerability in VMWare products VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. | 4.3 |
| 2021-10-13 | CVE-2021-20802 | Injection vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product. | 5.3 |
| 2021-10-12 | CVE-2021-38458 | Injection vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 9.8 |
| 2021-10-06 | CVE-2021-41128 | Injection vulnerability in Hygeia Project Hygeia Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. | 8.8 |
| 2021-10-05 | CVE-2021-31988 | Injection vulnerability in Axis products A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | 8.8 |
| 2021-10-05 | CVE-2021-35504 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 7.2 |
| 2021-10-05 | CVE-2021-35505 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 7.2 |