Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-15 | CVE-2020-35775 | Injection vulnerability in Citsmart: CITSmart before 9.1.2.23 allows LDAP Injection. | 9.8 |
2021-02-12 | CVE-2021-20644 | Injection vulnerability in Elecom Wrc-1467Ghbk-A Firmware: ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | 6.1 |
2021-02-11 | CVE-2021-23335 | Injection vulnerability in Is-User-Valid Project Is-User-Valid: All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. | 7.5 |
2021-02-09 | CVE-2021-21479 | Injection vulnerability in SAP Scimono: In SCIMono before 0.0.19, it is possible for an attacker to inject and execute a Java expression, compromising the availability and integrity of the system. | 9.1 |
2021-02-09 | CVE-2021-21141 | Injection vulnerability in multiple products: Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21137 | Injection vulnerability in multiple products: Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | 6.5 |
2021-02-04 | CVE-2021-1221 | Injection vulnerability in Cisco Webex Meetings Server: A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. | 4.1 |
2021-01-30 | CVE-2020-15690 | Injection vulnerability in Nim-Lang NIM: In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | 9.8 |
2021-01-08 | CVE-2020-5019 | Injection vulnerability in IBM Spectrum Protect Plus: IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.5 |
2021-01-08 | CVE-2020-27260 | Injection vulnerability in Innokasmedical Vital Signs Monitor Vc150 Firmware: Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters. | 5.3 |